Exposición de Magento
CMS, Ecommerce312
score de exposición
34.078
sitios usan
2
en explotación
28
críticos
CVEs
285 resultadosCVE-2020-26295HIGHCMS Editor code executionEPSS 1.8%CVE-2021-28584MEDIUMMagento Commerce path traversal vulnerability in child theme store creationEPSS 1.8%CVE-2019-7892—A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authEPSS 1.8%CVE-2019-8125—A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration paEPSS 1.7%CVE-2019-8091—A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to acceEPSS 1.7%CVE-2021-36012MEDIUMMagento Commerce Gift Card Business Logic ErrorEPSS 1.7%CVE-2021-36037MEDIUMMagento Commerce Improper Authorization Vulnerability Could Lead To Information ExposureEPSS 1.7%CVE-2022-34255HIGHAdobe Commerce Improper Access Control Privilege escalationEPSS 1.7%CVE-2021-36038MEDIUMMagento Commerce Multishipping Module Improper Input Validation Could Lead To Information ExposureEPSS 1.7%CVE-2020-24408MEDIUMStored XSS in customer address upload featureEPSS 1.7%CVE-2019-8156—A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authentEPSS 1.7%CVE-2019-8151—A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user wEPSS 1.7%CVE-2021-36039MEDIUMMagento Commerce `quoteId` parameter Incorrect Authorization Vulnerability Could Lead To Information DisclosureEPSS 1.7%CVE-2020-24402MEDIUMIncorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST APIEPSS 1.7%CVE-2021-21031MEDIUMMagento Commerce Failure To Invalidate User Session Could Lead To Unauthorized AccessEPSS 1.7%CVE-2021-21027MEDIUMMagento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data ModificationEPSS 1.7%CVE-2021-36026MEDIUMMagento Commerce Stored Cross-site Scripting VulnerabilityEPSS 1.6%CVE-2020-9690—Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitationEPSS 1.6%CVE-2020-24403LOWIncorrect permissions could lead to unauthorized modification of inventory source data via REST APIEPSS 1.6%CVE-2021-21023MEDIUMMagento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary Code ExecutionEPSS 1.6%
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →