Vulnerabilities > Magento > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7911 Server-Side Request Forgery (SSRF) vulnerability in Magento
A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-918
7.2
7.2
2019-08-02 CVE-2019-7903 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento
7.2
7.2
2019-08-02 CVE-2019-7896 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento
7.2
7.2
2019-08-02 CVE-2019-7895 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento
7.2
7.2
2019-08-02 CVE-2019-7892 Server-Side Request Forgery (SSRF) vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-918
7.2
7.2
2019-08-02 CVE-2019-7890 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-639
7.3
7.3
2019-08-02 CVE-2019-7886 Use of Insufficiently Random Values vulnerability in Magento
A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-330
7.5
7.5
2019-08-02 CVE-2019-7885 Improper Input Validation vulnerability in Magento
Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-20
8.8
8.8
2019-08-02 CVE-2019-7876 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento
8.8
8.8
2019-08-02 CVE-2019-7871 Code Injection vulnerability in Magento
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code.
network
low complexity
magento CWE-94
8.8
8.8