Magento Community-Edition vulnerabilities

CVE-2019-8127 [HIGH] CWE-89 Magento 2 Community Edition SQLi Vulnerability Magento 2 Community Edition SQLi Vulnerability A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively performing a privilege escalation. As per [the Magento Release 2.3.3](https://web.archive.org/

CVE-2019-8119 [HIGH] Magento 2 Community Edition RCE Vulnerability Magento 2 Community Edition RCE Vulnerability A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution.

CVE-2019-7876 [HIGH] Magento 2 Community Edition RCE Vulnerability Magento 2 Community Edition RCE Vulnerability A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.

CVE-2019-7865 [HIGH] CWE-352 Magento 2 Community Edition CSRF Vulnerability Magento 2 Community Edition CSRF Vulnerability A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.

CVE-2021-21015 [HIGH] CWE-78 Magento OS command injection via the customer attribute save controller Magento OS command injection via the customer attribute save controller Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploit

CVE-2019-8130 [HIGH] CWE-89 Magento SQL injection vulnerability Magento SQL injection vulnerability A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates.

CVE-2019-7932 [HIGH] CWE-94 Magento 2 Community Edition RCE Vulnerability Magento 2 Community Edition RCE Vulnerability A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file.

CVE-2021-36029 [HIGH] CWE-285 Magento improper authorization vulnerability Magento improper authorization vulnerability Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.

CVE-2021-36032 [HIGH] CWE-20 Magento is affected by an improper input validation vulnerability Magento is affected by an improper input validation vulnerability Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.

CVE-2019-8114 [HIGH] CWE-434 Magento 2 Community Edition RCE Vulnerability Magento 2 Community Edition RCE Vulnerability A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload. As per [the Magento Release 2.3.3](https://web.archive.org/web/20201126132230/http

CVE-2019-7911 [HIGH] CWE-918 Magento 2 Community Edition Server-Side Request Forgery vulnerability Magento 2 Community Edition Server-Side Request Forgery vulnerability A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configu

CVE-2019-7912 [HIGH] CWE-434 Magento Filter extension bypass via crafted store configuration keys Magento Filter extension bypass via crafted store configuration keys A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files

CVE-2019-7858 [HIGH] CWE-327 Magento 2 Community Edition Cryptographic Flaw Magento 2 Community Edition Cryptographic Flaw A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.

CVE-2019-8229 [HIGH] Withdrawn Advisory: Magento 2 Community Edition RCE Vulnerability Withdrawn Advisory: Magento 2 Community Edition RCE Vulnerability ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's [supported ecosystems](https://github.com/github/advisory-database/blob/main/README.md#supported-ecosystems). This link is maintained to preserve external references. ## Original Description In M

CVE-2021-28583 [HIGH] CWE-657 Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.

CVE-2019-8156 [HIGH] CWE-918 Magento 2 Community Edition SSRF vulnerability Magento 2 Community Edition SSRF vulnerability A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution. As per [the Magento Release 2.3.3](https://web.archive.org/web/20201126132230/https://devdocs.m

CVE-2021-36041 [HIGH] CWE-20 Magento vulnerable to file upload attack Magento vulnerable to file upload attack Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could upload a specially crafted file in the 'pub/media` directory could lead to remote code execution.

CVE-2021-36034 [HIGH] CWE-20 Magento affected by remote code execution via a file upload Magento affected by remote code execution via a file upload Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.

CVE-2020-9689 [MEDIUM] CWE-22 Magento path traversal vulnerability Magento path traversal vulnerability Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

CVE-2021-36039 [MEDIUM] CWE-863 Magento discloses sensitive information Magento discloses sensitive information Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. An attacker can abuse this vulnerability to disclose sensitive information.