Vulnerabilities > Magento > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-29 CVE-2020-3719 SQL Injection vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability.
network
low complexity
magento CWE-89
7.5
2020-01-15 CVE-2015-6497 Improper Input Validation vulnerability in Magento
The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap.
network
low complexity
magento CWE-20
8.8
2019-11-06 CVE-2019-8156 Server-Side Request Forgery (SSRF) vulnerability in Magento
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-918
7.2
2019-11-06 CVE-2019-8231 Unspecified vulnerability in Magento
In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
network
low complexity
magento
7.2
2019-11-06 CVE-2019-8230 Unspecified vulnerability in Magento
In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.
network
low complexity
magento
7.2
2019-11-06 CVE-2019-8229 Unspecified vulnerability in Magento
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.
network
low complexity
magento
7.2
2019-11-06 CVE-2019-8159 OS Command Injection vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-78
8.8
2019-11-06 CVE-2019-8155 Cross-Site Request Forgery (CSRF) vulnerability in Magento
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request.
network
low complexity
magento CWE-352
7.5
2019-11-06 CVE-2019-8154 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-829
8.8
2019-11-06 CVE-2019-8151 Server-Side Request Forgery (SSRF) vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-918
7.2