Magento Open Source Security Vulnerabilities and Issues — Magento Open Source CVE List

Lucene search

AdobeMagento Open Source

14 matches found

CVE•added 2023/09/12 8:15 a.m.•1200 views

CVE-2022-24093

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

9.1CVSS7.7AI score0.01024EPSS

CVE•added 2021/09/01 3:15 p.m.•56 views

CVE-2021-36024

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote co...

9.1CVSS7.4AI score0.08668EPSS

CVE•added 2021/09/01 3:15 p.m.•55 views

CVE-2021-36020

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution.

9.8CVSS9.3AI score0.31066EPSS

CVE•added 2021/09/01 3:15 p.m.•55 views

CVE-2021-36022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

9.1CVSS7.7AI score0.03246EPSS

CVE•added 2024/06/13 9:15 a.m.•55 views

CVE-2024-34108

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are...

9.1CVSS8.6AI score0.01888EPSS

CVE•added 2021/09/01 3:15 p.m.•52 views

CVE-2021-36041

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/media` directory could lead to remote code execution.

9.1CVSS7.3AI score0.05476EPSS

CVE•added 2021/09/01 3:15 p.m.•50 views

CVE-2021-36033

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

9.1CVSS7.7AI score0.11326EPSS

CVE•added 2021/09/01 3:15 p.m.•49 views

CVE-2021-36029

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.

9.1CVSS7.6AI score0.04985EPSS

CVE•added 2021/09/01 3:15 p.m.•48 views

CVE-2021-36035

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could make a crafted request to the Adobe Stock API to achieve remote code execution.

9.1CVSS7.2AI score0.07254EPSS

CVE•added 2021/09/01 3:15 p.m.•46 views

CVE-2021-36042

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code ex...

9.1CVSS7.4AI score0.04108EPSS

CVE•added 2021/09/01 3:15 p.m.•44 views

CVE-2021-36034

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.

9.1CVSS7.3AI score0.05476EPSS

CVE•added 2021/09/01 3:15 p.m.•43 views

CVE-2021-36040

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to bypass file extension restrictions and could lead to remote code executi...

9.1CVSS7.3AI score0.03446EPSS

CVE•added 2021/09/01 3:15 p.m.•42 views

CVE-2021-36025

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a specially crafted file. An authenticated attacker with admin privileges can leverage this vulnerability t...

9.1CVSS7.2AI score0.05476EPSS

CVE•added 2021/09/01 3:15 p.m.•40 views

CVE-2021-36028

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

9.1CVSS7.5AI score0.11326EPSS