Packagist (Composer) package
magento/core
pkg:composer/magento/core
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-6497 | — | | | < 1.9.2.1 | 1.9.2.1 | Jan 15, 2020 | The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via |
| CVE-2019-8227 | — | | | < 1.9.4.3 | 1.9.4.3 | Nov 6, 2019 | In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. |
| CVE-2019-8230 | — | | | < 1.9.4.3 | 1.9.4.3 | Nov 5, 2019 | In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path. |
| CVE-2019-8231 | — | | | < 1.9.4.3 | 1.9.4.3 | Nov 5, 2019 | In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification. |
Page 2 of 2