Magento Exposure
CMS, Ecommerce
Exposure score: 312
Sites using it: 34,078
Being exploited: 2
Critical: 28
CVEs
285 results
CVE-2023-22247 | HIGH | Adobe Commerce XML Injection Arbitrary file system read | EPSS 0.9%
CVE-2019-7898 | — | Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Ma | EPSS 0.9%
CVE-2019-7899 | — | Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4. | EPSS 0.9%
CVE-2019-7852 | — | A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for | EPSS 0.9%
CVE-2019-8113 | — | Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the c | EPSS 0.9%
CVE-2023-22248 | HIGH | Adobe Commerce Incorrect Authorization Security feature bypass | EPSS 0.9%
CVE-2019-8143 | — | A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with acce | EPSS 0.9%
CVE-2019-7872 | — | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prio | EPSS 0.9%
CVE-2019-7864 | — | An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, | EPSS 0.9%
CVE-2019-8126 | — | An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin | EPSS 0.9%
CVE-2023-29292 | MEDIUM | Server Side Request Forgery (SSRF) in FedEx carrier integration configuration | EPSS 0.9%
CVE-2019-8109 | — | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user c | EPSS 0.9%
CVE-2022-34257 | MEDIUM | Adobe Commerce Stored XSS Arbitrary code execution | EPSS 0.9%
CVE-2019-8232 | — | In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenti | EPSS 0.9%
CVE-2019-7877 | — | A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2. | EPSS 0.8%
CVE-2019-7890 | — | An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 | EPSS 0.8%
CVE-2023-41879 | HIGH | Magento LTS's guest order "protect code" can be brute-forced too easily | EPSS 0.8%
CVE-2026-5603 | MEDIUM | elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection | EPSS 0.8%
CVE-2019-8123 | — | An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento | EPSS 0.8%
CVE-2019-7889 | — | An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1. | EPSS 0.8%