Shodan
Vulnerabilities
Vulnerable Software
Magento:  Security Vulnerabilities
CVE-2019-8092
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-05
CVE-2019-8093
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-11-05
CVE-2019-8107
An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-05
CVE-2019-8108
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-05
CVE-2019-8109
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
CVSS Score
8.0
EPSS Score
0.004
Published
2019-11-05
CVE-2019-8110
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.011
Published
2019-11-05
CVE-2019-8111
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.011
Published
2019-11-05
CVE-2019-8112
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-11-05
CVE-2019-8113
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-11-05
CVE-2019-8090
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-11-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved