Shodan
Vulnerabilities
Vulnerable Software
Magento:  >> Magento  >> 2.2.9  Security Vulnerabilities
CVE-2019-8108
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-05
CVE-2019-8109
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
CVSS Score
8.0
EPSS Score
0.004
Published
2019-11-05
CVE-2019-8110
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.011
Published
2019-11-05
CVE-2019-8111
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.011
Published
2019-11-05
CVE-2019-8112
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-11-05
CVE-2019-8113
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-11-05
CVE-2019-8090
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved