Security News > 2019 > March > Magento Patches Critical SQL Injection and RCE Vulnerabilities

2019-03-29 16:26
Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.
News URL
https://threatpost.com/magento-xss-csrf-rce-vulnerabilities/143274/
Related news
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)