Security News > 2019 > March > Magento Patches Critical SQL Injection and RCE Vulnerabilities

Magento Patches Critical SQL Injection and RCE Vulnerabilities

2019-03-29 16:26

Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.

News URL

https://threatpost.com/magento-xss-csrf-rce-vulnerabilities/143274/

#critical #magento #RCE #SQL #vulnerabilities

Related news

Critical PHP RCE vulnerability mass exploited in new attacks (source)
GitLab patches critical authentication bypass vulnerabilities (source)
Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Magento		3	4	103	65	27	199

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.