Magento Exposure
CMS, Ecommerce
Exposure score: 312
Sites using it: 34,078
Under active exploitation: 2
Critical: 28
CVEs
285 results
CVE-2019-7904 | — | Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 coul | EPSS 0.8%
CVE-2021-28567 | MEDIUM | Magento Commerce improper authorization allows an authenticated user to perform certain functions without permission | EPSS 0.8%
CVE-2023-29289 | MEDIUM | Adobe Commerce XML Injection Security feature bypass | EPSS 0.8%
CVE-2019-8090 | — | An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An | EPSS 0.8%
CVE-2019-8107 | — | An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated use | EPSS 0.8%
CVE-2019-8140 | — | An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated ad | EPSS 0.8%
CVE-2023-38209 | MEDIUM | Adobe Commerce Incorrect Authorization Security feature bypass | EPSS 0.7%
CVE-2019-8233 | — | In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a re | EPSS 0.7%
CVE-2019-7858 | — | A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensit | EPSS 0.7%
CVE-2019-7925 | — | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prio | EPSS 0.7%
CVE-2019-8118 | — | Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed lo | EPSS 0.7%
CVE-2021-32684 | MEDIUM | Missing Handler in @scandipwa/magento-scripts | EPSS 0.7%
CVE-2022-35692 | MEDIUM | Adobe Commerce Improper Access Control Security feature bypass | EPSS 0.7%
CVE-2026-40488 | HIGH | OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution | EPSS 0.7%
CVE-2023-29294 | MEDIUM | Bypass Purchase Order Approval using Company User in Adobe Commerce B2B | EPSS 0.7%
CVE-2023-29287 | MEDIUM | Adobe Commerce Information Exposure Security feature bypass | EPSS 0.6%
CVE-2019-8152 | — | A stored cross-site scripting (XSS) vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento | EPSS 0.6%
CVE-2023-29295 | MEDIUM | Insecure Direct Object Reference (IDOR) in Create Quote Function | EPSS 0.6%
CVE-2023-29296 | MEDIUM | [Cloud] Customer suspects IDOR vulnerability | EPSS 0.6%
CVE-2023-29290 | MEDIUM | Adobe Commerce Guest Cart Shipping Address Overwrite IDOR | EPSS 0.6%