Adobe Systems Incorporated Magento 1 vulnerabilities

8 known vulnerabilities affecting adobe_systems_incorporated/magento_1.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 2

Vulnerabilities

CVE-2019-8155 | HIGH | CVSS 7.5 | Magento Open Source prior to 1.9.4.3, Magento Commerce prior to 1.14.4.3 | 2019-11-06
CVE-2019-8155 [HIGH] CWE-352: Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.
Sources: cvelistv5, nvd
CVE-2019-8231 | HIGH | CVSS 7.2 | Magento Open Source prior to 1.9.4.3, Magento Commerce prior to 1.14.4.3 | 2019-11-06
CVE-2019-8231 [HIGH]: In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
Sources: cvelistv5, nvd
CVE-2019-8230 | HIGH | CVSS 7.2 | Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3 | 2019-11-06
CVE-2019-8230 [HIGH]: In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.
Sources: cvelistv5, nvd
CVE-2019-8229 | HIGH | CVSS 7.2 | Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3 | 2019-11-06
CVE-2019-8229 [HIGH]: In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.
Sources: cvelistv5, nvd
CVE-2019-8227 | MEDIUM | CVSS 4.8 | Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3 | 2019-11-06
CVE-2019-8227 [MEDIUM] CWE-79: In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
Sources: cvelistv5, nvd
CVE-2019-8228 | MEDIUM | CVSS 4.8 | Magento Open Source prior to 1.9.4.3, Magento Commerce prior to 1.14.4.3 | 2019-11-06
CVE-2019-8228 [MEDIUM] CWE-79: In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into the transactional email page when creating a new email template or editing an existing email template.
Sources: cvelistv5, nvd
CVE-2019-8125 | HIGH | CVSS 7.2 | Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3 | 2019-11-05
CVE-2019-8125 [HIGH]: A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
Sources: cvelistv5, nvd
CVE-2019-8091 | HIGH | CVSS 7.2 | Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3 | 2019-11-05
CVE-2019-8091 [HIGH]: A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
Sources: cvelistv5, nvd