Vulnerabilities > Magento

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Tags | Risk |
|---|---|---|---|---|---|---|---|
| 2020-11-09 | CVE-2020-24407 | Unrestricted Upload of File with Dangerous Type vulnerability in Magento | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. | network | low complexity | magento CWE-434 | critical 9.0 |
| 2020-11-09 | CVE-2020-24406 | Path Traversal vulnerability in Magento | When in maintenance mode, Magento versions 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. | network | | magento CWE-22 | 4.3 |
| 2020-11-09 | CVE-2020-24405 | Unspecified vulnerability in Magento | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Inventory module. | network | low complexity | magento | 4.3 |
| 2020-11-09 | CVE-2020-24404 | Unspecified vulnerability in Magento | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. | network | low complexity | magento | 2.7 |
| 2020-11-09 | CVE-2020-24403 | Unspecified vulnerability in Magento | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. | network | low complexity | magento | 2.7 |
| 2020-11-09 | CVE-2020-24402 | Incorrect Default Permissions vulnerability in Magento | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. | network | low complexity | magento CWE-276 | 5.5 |
| 2020-11-09 | CVE-2020-24401 | Incorrect Authorization vulnerability in Magento | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. | network | low complexity | magento CWE-863 | 5.5 |
| 2020-11-09 | CVE-2020-24400 | SQL Injection vulnerability in Magento | Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. | network | low complexity | magento CWE-89 | 5.5 |
| 2020-10-16 | CVE-2020-24408 | Cross-site Scripting vulnerability in Magento | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. | network | | magento CWE-79 | 4.3 |
| 2020-08-20 | CVE-2020-15151 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `formkey protection` in the Admin Interface and increases the attack surface for Cross-Site Request Forgery attacks. | network | high complexity | openmage magento CWE-352 | 4.0 |