Vulnerabilities > Magento > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2019-8144 Unspecified vulnerability in Magento 2.3.0/2.3.1/2.3.2
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
7.5
2019-11-06 CVE-2019-8136 Unspecified vulnerability in Magento
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
7.5
2019-11-06 CVE-2019-8135 Injection vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-74
7.5
2019-11-05 CVE-2019-8121 Unspecified vulnerability in Magento
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
7.5
2019-08-02 CVE-2019-7890 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-639
7.5
2019-04-10 CVE-2019-7139 SQL Injection vulnerability in Magento
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage.
network
low complexity
magento CWE-89
7.5
2017-01-23 CVE-2016-4010 Injection vulnerability in Magento
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
network
low complexity
magento CWE-74
7.5