Shodan
Vulnerabilities
Vulnerable Software
Magento:  Security Vulnerabilities
CVE-2019-8137
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-11-06
CVE-2019-8138
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-06
CVE-2019-8139
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-06
CVE-2019-8140
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file.
CVSS Score
4.9
EPSS Score
0.002
Published
2019-11-06
CVE-2019-8141
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization vulnerability in the import functionality.
CVSS Score
7.2
EPSS Score
0.016
Published
2019-11-06
CVE-2019-8142
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-06
CVE-2019-8143
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-11-06
CVE-2019-8144
A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.
CVSS Score
9.8
EPSS Score
0.029
Published
2019-11-06
CVE-2019-8128
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-06
CVE-2019-8129
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved