CVE-2020-15244: Magento vulnerability

October 22, 2020

In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The …


CVE-2020-24408: Magento vulnerability

October 18, 2020

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker …


CVE-2020-5777: Magento vulnerability

September 10, 2020

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if …


CVE-2020-9692: Magento vulnerability

August 21, 2020

Magento versions 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. References: helpx.adobe.com/security/products/magento/apsb20-47.html


CVE-2020-9691: Magento vulnerability

August 21, 2020

Magento versions 2.3.5-p1 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution. References: helpx.adobe.com/security/products/magento/apsb20-47.html
