Vulnerabilities > Magento
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2019-7861 | Unrestricted Upload of File with Dangerous Type vulnerability in Magento Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.5 |
| 2019-08-02 | CVE-2019-7860 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.5 |
| 2019-08-02 | CVE-2019-7859 | Path Traversal vulnerability in Magento A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control. | 7.5 |
| 2019-08-02 | CVE-2019-7858 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Magento A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks. | 7.5 |
| 2019-08-02 | CVE-2019-7857 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation. | 4.3 |
| 2019-08-02 | CVE-2019-7855 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation. | 5.3 |
| 2019-08-02 | CVE-2019-7854 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details. | 7.5 |
| 2019-08-02 | CVE-2019-7853 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 4.8 |
| 2019-08-02 | CVE-2019-7852 | Information Exposure vulnerability in Magento A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 5.3 |
| 2019-08-02 | CVE-2019-7851 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | 6.5 |