Lucene search
+L

Critical Magento Flaws Allow Code Execution

🗓️ 29 Jul 2020 21:22:00Reported by Lindsey O'DonnellType 
threatpost
 threatpost
🔗 threatpost.com👁 239 Views

Critical Magento Flaws Enable Code Execution on Adobe's E-commerce Platfor

Related
Refs
ReporterTitlePublishedViews
Family
zdt
Magento 2.4.0 / 2.3.5p1 (and earlier) Arbitrary Code Execution 0day Exploit
24 Mar 202100:00
zdt
attackerkb
CVE-2020-5135
12 Oct 202000:00
attackerkb
attackerkb
CVE-2020-24407
15 Oct 202023:00
attackerkb
avleonov
Last Week’s Security news: Cisco ASA, BIG-IQ, vSphere, Solaris, Dlink, iPhone %s, DarkRadiation, Google schema, John McAfee
28 Jun 202110:59
avleonov
bdu_fstec
The vulnerability of the Magento Commerce software platform for developing and managing online stores lies in the lack of measures to protect SQL query structures. This allows attackers to execute arbitrary SQL queries against the database in the target system and gain access to protected information.
12 Nov 202000:00
bdu_fstec
bdu_fstec
The vulnerability of the Magento Commerce software platform for developing and managing online stores lies in the lack of restrictions on file uploads, which allows attackers to execute arbitrary code.
17 Nov 202000:00
bdu_fstec
bdu_fstec
The vulnerability of the software platform for developing and managing online stores Magento Commerce, related to deficiencies in authentication mechanisms, allows a perpetrator to execute arbitrary code.
15 Dec 202000:00
bdu_fstec
bdu_fstec
The vulnerability of the software platform for developing and managing online stores Magento Commerce is related to the exposure of information through inconsistencies, allowing attackers to gain access to protected information.
18 Dec 202000:00
bdu_fstec
bdu_fstec
The vulnerability of the Magento Commerce software development and management platform lies in the incorrect limitation of the path to the restricted catalog. This allows attackers to execute arbitrary code.
18 Dec 202000:00
bdu_fstec
bdu_fstec
The vulnerability of the Magento Commerce software development and management platform lies in its lack of measures to neutralize special elements used in the operating system. This allows attackers to execute arbitrary code.
9 Aug 202100:00
bdu_fstec
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation