Exposure of Magento

CMS, Ecommerce

Exposure score: 312
Sites using Magento: 34,078
Exploited: 2
Critical: 28

CVEs

285 results
CVE-2020-3719 (EPSS 3.2%): Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an SQL injection vulnerability. S
CVE-2021-36033 (CRITICAL, EPSS 3.0%): Magento Commerce Widgets Module XML Injection Vulnerability Could Lead To Remote Code Execution
CVE-2021-36031 (HIGH, EPSS 3.0%): Magento Commerce Path Traversal In `theme[preview_image]` Parameter Could Lead To Remote Code Execution
CVE-2020-26285 (HIGH, EPSS 2.9%): Widget instances allows a hacker to inject an executable file on the server on OpenMage
CVE-2021-21015 (HIGH, EPSS 2.9%): Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
CVE-2021-36028 (CRITICAL, EPSS 2.8%): Magento Commerce XML Injection Vulnerability Could Lead To Remote Code Execution
CVE-2021-36024 (CRITICAL, EPSS 2.8%): Magento Commerce Improper Neutralization of Special Elements Used In A Command
CVE-2021-36040 (CRITICAL, EPSS 2.8%): Magento Commerce Improper Input Validation Could Lead To Remote Code Execution
CVE-2021-21024 (CRITICAL, EPSS 2.8%): Magento Commerce Blind SQL Injection Could Lead To Unauthorized Access
CVE-2021-36035 (CRITICAL, EPSS 2.7%): Magento Commerce Stock Media Improper Input Validation Could Lead To Remote Code Execution
CVE-2021-36025 (CRITICAL, EPSS 2.7%): Magento Commerce Customer Edition Improper Input Validation Could Lead To Remote Code Execution
CVE-2021-36020 (HIGH, EPSS 2.6%): Magento Commerce XML Injection Vulnerability In The 'City' Field Could Lead To Remote Code Execution
CVE-2020-9588 (EPSS 2.5%): Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing d
CVE-2019-8144 (EPSS 2.5%): A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious paylo
CVE-2019-8135 (EPSS 2.5%): A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection th
CVE-2019-7930 (EPSS 2.4%): A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authentic
CVE-2021-21020 (MEDIUM, EPSS 2.4%): Magento Commerce Improper Access Control Vulnerability
CVE-2019-7932 (EPSS 2.4%): A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 pr
CVE-2021-36029 (CRITICAL, EPSS 2.4%): Magento Commerce Improper Authorization Vulnerability Could Lead To Remote Code Execution
CVE-2021-36042 (CRITICAL, EPSS 2.4%): Magento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution
