Security News > 2019 > March > Magento Patches Critical SQL Injection and RCE Vulnerabilities

Magento Patches Critical SQL Injection and RCE Vulnerabilities

2019-03-29 16:26

Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.

News URL

https://threatpost.com/magento-xss-csrf-rce-vulnerabilities/143274/

#critical #magento #RCE #SQL #vulnerabilities

Related news

Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
SAP fixes critical vulnerabilities in NetWeaver application servers (source)
Critical vulnerabilities remain unresolved due to prioritization gaps (source)
Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
Netgear warns users to patch critical WiFi router vulnerabilities (source)
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
Critical RCE bug in Microsoft Outlook now exploited in attacks (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Magento		3	4	103	65	27	199

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.