cpe:2.3:a:n/a:magento_2:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Magento 2 (23450c19-7ef3-58f2-895c-e48172bf17e5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-7951 |
vulnerable | 2026-06-08 05:14:14.889844 |
Details available
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests.
Published: 2019-08-02T21:36:12.000Z
Updated: 2024-08-04T21:02:19.405Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7950 |
vulnerable | 2026-06-08 05:14:14.889433 |
Details available
An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidential information.
Published: 2019-08-02T21:35:49.000Z
Updated: 2024-08-04T21:02:19.442Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7942 |
vulnerable | 2026-06-08 05:14:14.888111 |
Details available
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates.
Published: 2019-08-02T21:34:07.000Z
Updated: 2024-08-04T21:02:19.368Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7939 |
vulnerable | 2026-06-08 05:14:14.887058 |
Details available
A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript execution in the victim's browser.
Published: 2019-08-02T21:33:20.000Z
Updated: 2024-08-04T21:02:19.432Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7937 |
vulnerable | 2026-06-08 05:14:14.886358 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript.
Published: 2019-08-02T21:32:35.000Z
Updated: 2024-08-04T21:02:19.410Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7936 |
vulnerable | 2026-06-08 05:14:14.886067 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript.
Published: 2019-08-02T21:32:14.000Z
Updated: 2024-08-04T21:02:19.410Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7930 |
vulnerable | 2026-06-08 05:14:14.875687 |
Details available
A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system.
Published: 2019-08-02T21:30:46.000Z
Updated: 2024-08-04T21:02:19.378Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7929 |
vulnerable | 2026-06-08 05:14:14.875405 |
Details available
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request.
Published: 2019-08-02T21:30:27.000Z
Updated: 2024-08-04T21:02:19.436Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7928 |
vulnerable | 2026-06-08 05:14:14.875120 |
Details available
A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal.
Published: 2019-08-02T21:30:04.000Z
Updated: 2024-08-04T21:02:19.423Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7927 |
vulnerable | 2026-06-08 05:14:14.874819 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript.
Published: 2019-08-02T21:29:45.000Z
Updated: 2024-08-04T21:02:19.411Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7926 |
vulnerable | 2026-06-08 05:14:14.874426 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript.
Published: 2019-08-02T21:29:28.000Z
Updated: 2024-08-04T21:02:19.360Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7925 |
vulnerable | 2026-06-08 05:14:14.874019 |
Details available
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder.
Published: 2019-08-02T21:29:03.000Z
Updated: 2024-08-04T21:02:19.418Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7923 |
vulnerable | 2026-06-08 05:14:14.873716 |
Details available
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code.
Published: 2019-08-02T21:28:36.000Z
Updated: 2024-08-04T21:02:19.402Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7921 |
vulnerable | 2026-06-08 05:14:14.873283 |
Details available
A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript.
Published: 2019-08-02T21:28:17.000Z
Updated: 2024-08-04T21:02:19.124Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7915 |
vulnerable | 2026-06-08 05:14:14.866123 |
Details available
A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers.
Published: 2019-08-02T21:27:59.000Z
Updated: 2024-08-04T21:02:19.161Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7913 |
vulnerable | 2026-06-08 05:14:14.865841 |
Details available
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.
Published: 2019-08-02T21:27:25.000Z
Updated: 2024-08-04T21:02:19.242Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7912 |
vulnerable | 2026-06-08 05:14:14.865553 |
Details available
A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server.
Published: 2019-08-02T21:27:05.000Z
Updated: 2024-08-04T21:02:19.171Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7908 |
vulnerable | 2026-06-08 05:14:14.864489 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information.
Published: 2019-08-02T21:25:53.000Z
Updated: 2024-08-04T21:02:19.247Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7904 |
vulnerable | 2026-06-08 05:14:14.864216 |
Details available
Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.
Published: 2019-08-02T21:25:26.000Z
Updated: 2024-08-04T21:02:19.397Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7903 |
vulnerable | 2026-06-08 05:14:14.863831 |
Details available
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template.
Published: 2019-08-02T21:25:07.000Z
Updated: 2024-08-04T21:02:19.154Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7896 |
vulnerable | 2026-06-08 05:14:14.862423 |
Details available
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout update.
Published: 2019-08-02T21:23:46.000Z
Updated: 2024-08-04T21:02:18.988Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7895 |
vulnerable | 2026-06-08 05:14:14.862132 |
Details available
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update.
Published: 2019-08-02T21:23:27.000Z
Updated: 2024-08-04T21:02:18.963Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7892 |
vulnerable | 2026-06-08 05:14:14.861838 |
Details available
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery.
Published: 2019-08-02T21:23:08.000Z
Updated: 2024-08-04T21:02:19.121Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7890 |
vulnerable | 2026-06-08 05:14:14.861336 |
Details available
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
Published: 2019-08-02T21:22:50.000Z
Updated: 2024-08-04T21:02:19.001Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7888 |
vulnerable | 2026-06-08 05:14:14.860665 |
Details available
An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template.
Published: 2019-08-02T21:22:00.000Z
Updated: 2024-08-04T21:02:19.005Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7886 |
vulnerable | 2026-06-08 05:14:14.859882 |
Details available
A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptographic mechanism is used to generate the initialization vector in multiple security-relevant contexts.
Published: 2019-08-02T21:21:15.000Z
Updated: 2024-08-04T21:02:19.243Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7885 |
vulnerable | 2026-06-08 05:14:14.859499 |
Details available
Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search.
Published: 2019-08-02T21:20:53.000Z
Updated: 2024-08-04T21:02:19.254Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7881 |
vulnerable | 2026-06-08 05:14:14.858674 |
Details available
A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).
Published: 2019-08-02T21:20:04.000Z
Updated: 2024-08-04T21:02:19.231Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7880 |
vulnerable | 2026-06-08 05:14:14.858409 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript.
Published: 2019-08-02T21:19:44.000Z
Updated: 2024-08-04T21:02:19.023Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7877 |
vulnerable | 2026-06-08 05:14:14.858116 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript.
Published: 2019-08-02T21:19:17.000Z
Updated: 2024-08-04T21:02:18.973Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7876 |
vulnerable | 2026-06-08 05:14:14.857828 |
Details available
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.
Published: 2019-08-02T21:18:53.000Z
Updated: 2024-08-04T21:02:18.960Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7874 |
vulnerable | 2026-06-08 05:14:14.857074 |
Details available
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.
Published: 2019-08-02T21:18:13.000Z
Updated: 2024-08-04T21:02:19.151Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7873 |
vulnerable | 2026-06-08 05:14:14.856774 |
Details available
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.
Published: 2019-08-02T21:17:53.000Z
Updated: 2024-08-04T21:02:19.065Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7872 |
vulnerable | 2026-06-08 05:14:14.856466 |
Details available
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorization checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing user details.
Published: 2019-08-02T21:17:31.000Z
Updated: 2024-08-04T21:02:19.167Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7871 |
vulnerable | 2026-06-08 05:14:14.856138 |
Details available
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection.
Published: 2019-08-02T21:17:01.000Z
Updated: 2024-08-04T21:02:18.955Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7869 |
vulnerable | 2026-06-08 05:14:14.851190 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups.
Published: 2019-08-02T21:16:41.000Z
Updated: 2024-08-04T21:02:18.959Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7868 |
vulnerable | 2026-06-08 05:14:14.850920 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules.
Published: 2019-08-02T21:16:13.000Z
Updated: 2024-08-04T21:02:19.091Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7867 |
vulnerable | 2026-06-08 05:14:14.850657 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status.
Published: 2019-08-02T21:15:50.000Z
Updated: 2024-08-04T21:02:19.250Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7866 |
vulnerable | 2026-06-08 05:14:14.850381 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor.
Published: 2019-08-02T21:15:32.000Z
Updated: 2024-08-04T21:02:19.057Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7865 |
vulnerable | 2026-06-08 05:14:14.850098 |
Details available
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.
Published: 2019-08-02T21:15:08.000Z
Updated: 2024-08-04T21:02:18.914Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7864 |
vulnerable | 2026-06-08 05:14:14.849830 |
Details available
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
Published: 2019-08-02T21:14:48.000Z
Updated: 2024-08-04T21:02:19.127Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7863 |
vulnerable | 2026-06-08 05:14:14.849562 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories.
Published: 2019-08-02T21:14:29.000Z
Updated: 2024-08-04T21:02:19.040Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7862 |
vulnerable | 2026-06-08 05:14:14.849276 |
Details available
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Published: 2019-08-02T21:14:09.000Z
Updated: 2024-08-04T21:02:19.129Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7861 |
vulnerable | 2026-06-08 05:14:14.849004 |
Details available
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Published: 2019-08-02T21:13:46.000Z
Updated: 2024-08-04T21:02:19.058Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7860 |
vulnerable | 2026-06-08 05:14:14.848727 |
Details available
A cryptographically weak pseudo-random number generator is used in multiple security-relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Published: 2019-08-02T21:13:27.000Z
Updated: 2024-08-04T21:02:19.170Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7859 |
vulnerable | 2026-06-08 05:14:14.848441 |
Details available
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
Published: 2019-08-02T21:13:08.000Z
Updated: 2024-08-04T21:02:18.966Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7858 |
vulnerable | 2026-06-08 05:14:14.848032 |
Details available
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.
Published: 2019-08-02T21:12:47.000Z
Updated: 2024-08-04T21:02:19.176Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7857 |
vulnerable | 2026-06-08 05:14:14.847754 |
Details available
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation.
Published: 2019-08-02T21:12:21.000Z
Updated: 2024-08-04T21:02:18.975Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7855 |
vulnerable | 2026-06-08 05:14:14.847475 |
Details available
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.
Published: 2019-08-02T21:11:55.000Z
Updated: 2024-08-04T21:02:19.005Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7854 |
vulnerable | 2026-06-08 05:14:14.847192 |
Details available
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.
Published: 2019-08-02T21:11:32.000Z
Updated: 2024-08-04T21:02:18.996Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7853 |
vulnerable | 2026-06-08 05:14:14.846882 |
Details available
A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel.
Published: 2019-08-02T21:36:58.000Z
Updated: 2024-08-04T21:02:19.098Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7852 |
vulnerable | 2026-06-08 05:14:14.846439 |
Details available
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties.
Published: 2019-08-02T21:10:58.000Z
Updated: 2024-08-04T21:02:19.227Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7851 |
vulnerable | 2026-06-08 05:14:14.846027 |
Details available
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.
Published: 2019-08-02T21:10:29.000Z
Updated: 2024-08-04T21:02:18.532Z |
Imported from gcve-enriched-dumps CVE data |