Security News > 2019 > March > Magento Patches Critical SQL Injection and RCE Vulnerabilities

Magento Patches Critical SQL Injection and RCE Vulnerabilities

2019-03-29 16:26

Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.

News URL

https://threatpost.com/magento-xss-csrf-rce-vulnerabilities/143274/

#critical #magento #RCE #SQL #vulnerabilities

Related news

Zabbix urges upgrades after critical SQL injection bug disclosure (source)
Veeam warns of critical RCE bug in Service Provider Console (source)
Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
Apache issues patches for critical Struts 2 RCE bug (source)
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Magento		3	4	103	65	27	199

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.