Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Magento Commerce — Vulnerabilities & Security Advisories 85

All 85 CVE vulnerabilities found in Magento Commerce, with AI-generated Chinese analysis, references, and POCs.

Vendor: Adobe

CVE IDTitleCVSSSeverityPublished
CVE-2021-21016 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution CWE-78 9.1 -2021-02-11
CVE-2021-21026 Magento Commerce Incorrect permissions Could Lead To Unauthorized Access CWE-285 4.9 -2021-02-11
CVE-2021-21015 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution CWE-78 9.1 -2021-02-11
CVE-2021-21018 Magnto Commerce Unauthorized Data Modification Could Lead To Arbitrary Code Execution CWE-78 9.1 -2021-02-11
CVE-2021-21019 Magento Commerce XML Injection Could Lead To Remote Code Execution CWE-91 9.1 -2021-02-11
CVE-2021-21020 Magento Commerce Improper Access Control Vulnerability CWE-284 5.9 -2021-02-11
CVE-2021-21025 Magento Commerce XML Injection Could Lead To Arbitrary Code Execution CWE-91 9.1 -2021-02-11
CVE-2021-21024 Magento Commerce Blind SQL Injection Could Lead To Unauthorized Access CWE-89 6.5 -2021-02-11
CVE-2021-21029 Magento Commerce Reflected Cross-site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution CWE-79 4.8 Medium2021-02-11
CVE-2021-21032 Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access CWE-613 6.5 -2021-02-11
CVE-2021-21023 Magento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary Code Execution CWE-79 4.8 -2021-02-11
CVE-2021-21022 Magento Commerce Incorrect permissions Could Lead To Unauthorized Access CWE-639 5.3 -2021-02-11
CVE-2021-21027 Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification CWE-352 4.3 -2021-02-11
CVE-2021-21030 Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution CWE-79 6.1 -2021-02-11
CVE-2021-21013 Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure CWE-863 8.1 High2021-01-13
CVE-2021-21012 Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure CWE-639 5.3 -2021-01-13
CVE-2020-24404 Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API CWE-285 2.7 Low2020-11-09
CVE-2020-24407 Arbitrary code execution via file import functionality CWE-434 9.1 Critical2020-11-09
CVE-2020-24406 Document root path disclosure on Maintenance page CWE-200 3.7 Low2020-11-09
CVE-2020-24405 Incorrect permissions in Inventory module could lead to unauthorized modification of inventory stock data CWE-285 4.3 Medium2020-11-09
CVE-2020-24403 Incorrect permissions could lead to unauthorized modification of inventory source data via REST API CWE-285 2.7 Low2020-11-09
CVE-2020-24401 Incorrect permissions following the deletion of a user role or deactivation of a user CWE-863 6.5 Medium2020-11-09
CVE-2020-24402 Incorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API CWE-276 4.9 Medium2020-11-09
CVE-2020-24400 SQL injection allows arbitrary read from database CWE-89 7.1 High2020-11-09
CVE-2020-24408 Stored XSS in customer address upload feature CWE-79 6.1 Medium2020-10-16

All 85 known CVE vulnerabilities affecting Magento Commerce with full Chinese analysis, references, and POCs where available.