The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Magento CE

vulnerability announce 29272

Magento: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions on Magento data, in order to obtain sensitive information.
Impacted products: Magento EE, Magento CE.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 13/05/2019.
Identifiers: VIGILANCE-VUL-29272.

Description of the vulnerability

An attacker can bypass access restrictions on Magento data, in order to obtain sensitive information.

computer vulnerability alert 27256

Magento Commerce, Open Source: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Magento Commerce/Open Source.
Impacted products: Magento EE, Magento CE.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data creation/edition.
Provenance: internet client.
Creation date: 18/09/2018.
Revision date: 19/09/2018.
Identifiers: SUPEE-10888, VIGILANCE-VUL-27256.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Magento Commerce/Open Source.

computer vulnerability note 26559

Magento Commerce: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Magento Commerce.
Impacted products: Magento EE, Magento CE.
Severity: 3/4.
Consequences: user access/rights, client access/rights.
Provenance: internet client.
Creation date: 27/06/2018.
Identifiers: CERTFR-2018-AVI-311, SUPEE-10752, VIGILANCE-VUL-26559.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Magento Commerce.

vulnerability bulletin 25393

Magento: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Magento.
Impacted products: Magento EE, Magento CE.
Severity: 3/4.
Consequences: administrator access/rights, client access/rights, data reading, data deletion.
Provenance: document.
Creation date: 28/02/2018.
Identifiers: CERTFR-2018-AVI-103, DC-2018-03-001, DC-2018-03-002, DC-2018-03-003, DC-2018-03-004, VIGILANCE-VUL-25393.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Magento.

computer vulnerability alert 24556

Magento: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Magento.
Impacted products: Magento EE, Magento CE.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: internet client.
Creation date: 28/11/2017.
Identifiers: CERTFR-2017-AVI-434, SUPEE-10415, VIGILANCE-VUL-24556.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Magento.

computer vulnerability alert 24376

Magento: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Magento.
Impacted products: Magento EE, Magento CE.
Severity: 3/4.
Consequences: privileged access/rights, client access/rights, data reading, data deletion.
Provenance: internet client.
Creation date: 08/11/2017.
Identifiers: CERTFR-2017-AVI-397, VIGILANCE-VUL-24376.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Magento.

vulnerability note 24264

Magento: information disclosure via local.xml

Synthesis of the vulnerability

An attacker can bypass access restrictions on data via local.xml when Magento is not installed with Apache httpd (for example, with nginx), in order to obtain sensitive information.
Impacted products: Magento EE, Magento CE.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 30/10/2017.
Identifiers: VIGILANCE-VUL-24264.

Description of the vulnerability

An attacker can bypass access restrictions on data via local.xml when Magento is not installed with Apache httpd (for example, with nginx), in order to obtain sensitive information.

vulnerability bulletin 23843

Magento: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Magento.
Impacted products: Magento EE, Magento CE.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition.
Provenance: internet client.
Creation date: 15/09/2017.
Identifiers: CERTFR-2017-AVI-303, DC-2017-09-001, DC-2017-09-002, VIGILANCE-VUL-23843.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Magento.

computer vulnerability bulletin 22878

Magento: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Magento.
Impacted products: Magento EE, Magento CE.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, client access/rights, data reading, data creation/edition.
Provenance: document.
Creation date: 01/06/2017.
Identifiers: VIGILANCE-VUL-22878.

Description of the vulnerability

An attacker can exploit several vulnerabilities in Magento.

vulnerability announce 22432

Magento: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross-Site Request Forgery in Magento, in order to force the victim to perform operations.
Impacted products: Magento EE, Magento CE.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 13/04/2017.
Identifiers: VIGILANCE-VUL-22432.

Description of the vulnerability

The Magento product offers a web service.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross-Site Request Forgery in Magento, in order to force the victim to perform operations.