Vulnerabilities > Magento > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-26 | CVE-2015-8707 | Information Exposure vulnerability in Magento Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. | 5.0 |
2017-09-20 | CVE-2014-9758 | Cross-site Scripting vulnerability in Magento 1.9.0.1 Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. | 4.3 |
2017-03-01 | CVE-2016-6485 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Magento Magento2 The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value. | 5.0 |
2016-04-15 | CVE-2016-2212 | Information Exposure vulnerability in Magento The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status. | 5.0 |
2015-04-29 | CVE-2015-3458 | Permissions, Privileges, and Access Controls vulnerability in Magento 1.14.1.0/1.9.1.0 The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setScriptPath function. | 6.5 |
2015-04-29 | CVE-2015-3457 | Improper Authentication vulnerability in Magento 1.14.1.0/1.9.1.0 Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter. | 5.0 |
2015-04-29 | CVE-2015-1399 | Code Injection vulnerability in Magento 1.14.1.0/1.9.1.0 PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPath function. | 6.5 |
2015-04-29 | CVE-2015-1398 | Path Traversal vulnerability in Magento 1.14.1.0/1.9.1.0 Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. | 6.5 |
2015-04-29 | CVE-2015-1397 | SQL Injection vulnerability in Magento 1.14.1.0/1.9.1.0 SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set. | 6.5 |