Vulnerabilities > Magento > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-06 | CVE-2019-8144 | Unspecified vulnerability in Magento 2.3.0/2.3.1/2.3.2 A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 7.5 |
| 2019-11-06 | CVE-2019-8136 | Unspecified vulnerability in Magento An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 7.5 |
| 2019-11-06 | CVE-2019-8135 | Injection vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 7.5 |
| 2019-11-05 | CVE-2019-8121 | Unspecified vulnerability in Magento An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. | 7.5 |
| 2019-08-02 | CVE-2019-7890 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.5 |
| 2019-04-10 | CVE-2019-7139 | SQL Injection vulnerability in Magento An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. | 7.5 |
| 2017-01-23 | CVE-2016-4010 | Injection vulnerability in Magento Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. | 7.5 |