Vulnerabilities > Magento > Magento > 1.9.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-29 | CVE-2015-1399 | Code Injection vulnerability in Magento 1.14.1.0/1.9.1.0 PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPath function. | 6.5 |
| 2015-04-29 | CVE-2015-1398 | Path Traversal vulnerability in Magento 1.14.1.0/1.9.1.0 Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. | 6.5 |
| 2015-04-29 | CVE-2015-1397 | SQL Injection vulnerability in Magento 1.14.1.0/1.9.1.0 SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set. | 6.5 |