Vulnerabilities > Magento > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2019-8230 Unspecified vulnerability in Magento
In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.
network
low complexity
magento
6.5
2019-11-06 CVE-2019-8229 Unspecified vulnerability in Magento
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.
network
low complexity
magento
6.5
2019-11-06 CVE-2019-8155 Cross-Site Request Forgery (CSRF) vulnerability in Magento
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request.
network
low complexity
magento CWE-352
5.0
2019-11-06 CVE-2019-8154 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-829
6.5
2019-11-06 CVE-2019-8153 Cross-site Scripting vulnerability in Magento
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
magento CWE-79
4.3
2019-11-06 CVE-2019-8151 Server-Side Request Forgery (SSRF) vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-918
6.5
2019-11-06 CVE-2019-8150 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
6.5
2019-11-06 CVE-2019-8143 SQL Injection vulnerability in Magento
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-89
4.0
2019-11-06 CVE-2019-8141 Deserialization of Untrusted Data vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento CWE-502
6.5
2019-11-06 CVE-2019-8140 Unrestricted Upload of File with Dangerous Type vulnerability in Magento
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-434
4.0