Vulnerabilities > Magento > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2019-7895 | Unspecified vulnerability in Magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.2 |
| 2019-08-02 | CVE-2019-7892 | Server-Side Request Forgery (SSRF) vulnerability in Magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.2 |
| 2019-08-02 | CVE-2019-7890 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.3 |
| 2019-08-02 | CVE-2019-7886 | Use of Insufficiently Random Values vulnerability in Magento A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.5 |
| 2019-08-02 | CVE-2019-7885 | Improper Input Validation vulnerability in Magento Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 8.8 |
| 2019-08-02 | CVE-2019-7876 | Unspecified vulnerability in Magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 8.8 |
| 2019-08-02 | CVE-2019-7871 | Code Injection vulnerability in Magento A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. | 8.8 |
| 2019-08-02 | CVE-2019-7865 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 8.8 |
| 2019-08-02 | CVE-2019-7861 | Unrestricted Upload of File with Dangerous Type vulnerability in Magento Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.5 |
| 2019-08-02 | CVE-2019-7860 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 7.5 |