Exposure of Magento
CMS, Ecommerce

Exposure score: 312
Sites use: 34,078
Exploited: 2
Critical: 28

CVEs
285 results

CVE-2019-8141 [—] A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An aut [EPSS 2.4%]
CVE-2021-36041 [CRITICAL] Magento Commerce Improper Input Validation Could Lead To Remote Code Execution [EPSS 2.3%]
CVE-2021-36034 [CRITICAL] Magento Commerce Improper Input Validation Could Lead To Remote Code Execution [EPSS 2.3%]
CVE-2020-24401 [MEDIUM] Incorrect permissions following the deletion of a user role or deactivation of a user [EPSS 2.3%]
CVE-2020-24400 [HIGH] SQL injection allows arbitrary read from database [EPSS 2.3%]
CVE-2023-38208 [CRITICAL] Validate Your Inputs | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) [EPSS 2.3%]
CVE-2021-36030 [HIGH] Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation [EPSS 2.2%]
CVE-2021-21022 [MEDIUM] Magento Commerce Incorrect permissions Could Lead To Unauthorized Access [EPSS 2.2%]
CVE-2021-36032 [HIGH] Magento Commerce Improper Input Validation Could Lead To Information Exposure and Privilege Escalation [EPSS 2.2%]
CVE-2019-7950 [—] An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An una [EPSS 2.2%]
CVE-2019-8149 [—] Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. [EPSS 2.1%]
CVE-2019-7903 [—] A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An auth [EPSS 2.1%]
CVE-2020-26252 [HIGH] Layout XML RCE Vulnerability in OpenMage [EPSS 2.1%]
CVE-2020-24406 [LOW] Document root path disclosure on Maintenance page [EPSS 2.1%]
CVE-2019-7861 [—] Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, [EPSS 2.0%]
CVE-2012-6091 [—] Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability. [EPSS 2.0%]
CVE-2022-34254 [HIGH] Adobe Commerce Improper Limitation of a Pathname to a Restricted Directory Arbitrary code execution [EPSS 2.0%]
CVE-2021-32758 [HIGH] Layout XML Arbitrary Code Fix [EPSS 2.0%]
CVE-2019-7876 [—] A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An auth [EPSS 2.0%]
CVE-2019-7885 [—] Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to [EPSS 2.0%]