Skip to main content

Magento

363 CVEs product

Monthly

CVE-2015-1399 MEDIUM POC PATCH This Month

PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Adobe RCE PHP Code Injection Magento
NVD
CVSS 2.0
6.5
EPSS
4.4%
CVE-2015-1398 MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 29.0%.

Path Traversal Adobe PHP Magento
NVD
CVSS 2.0
6.5
EPSS
29.0%
CVE-2015-1397 MEDIUM POC THREAT This Month

SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.5%.

Adobe SQLi Magento
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
71.5%
Threat
4.9
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Adobe RCE PHP +2
NVD
EPSS 29% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 29.0%.

Path Traversal Adobe PHP +1
NVD
EPSS 72% 4.9 CVSS 6.5
MEDIUM POC THREAT This Month

SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.5%.

Adobe SQLi Magento
NVD Exploit-DB
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy