Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

E-Commerce

Magento

Magento is an Open Source ecommerce web application launched on March 31 2008. It was created by Varien building on components of the Zend Framework.

Official Site:

https://magento.com/

Severity Summary:

Critical: 33 High: 70 Medium: 116 Low: 4
Reference
Title
Severity
CVE-2024-34102
Magento External Entity Injection (XXE) Vulnerability
Critical
CVE-2015-8707
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Critical
CVE-2020-24407
Magento Unrestricted Upload of File with Dangerous Type Vulnerability
Critical
CVE-2019-8136
Magento Vulnerability
Critical
CVE-2020-3718
Magento Vulnerability
Critical
CVE-2020-3716
Magento Deserialization of Untrusted Data Vulnerability
Critical
CVE-2019-8158
Magento XML Injection (aka Blind XPath Injection) Vulnerability
Critical
CVE-2022-34256
Magento Incorrect Authorization Vulnerability
Critical
CVE-2022-24086
Magento Improper Input Validation Vulnerability
Critical
CVE-2020-9578
Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Critical
CVE-2019-8121
Magento Vulnerability
Critical
CVE-2021-21014
Magento Unrestricted Upload of File with Dangerous Type Vulnerability
Critical
CVE-2019-8144
Magento Vulnerability
Critical
CVE-2020-9691
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Critical
CVE-2019-7139
Magento Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2016-4010
Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Critical
CVE-2020-9576
Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Critical
CVE-2019-8135
Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Critical
CVE-2020-9579
Magento Vulnerability
Critical
CVE-2021-21018
Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Critical
CVE-2021-21024
Magento Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2021-21025
Magento XML Injection (aka Blind XPath Injection) Vulnerability
Critical
CVE-2020-9664
Magento Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2020-9632
Magento Vulnerability
Critical
CVE-2020-9631
Magento Vulnerability
Critical
CVE-2020-9630
Magento Improper Privilege Management Vulnerability
Critical
CVE-2020-9580
Magento Vulnerability
Critical
CVE-2021-21019
Magento XML Injection (aka Blind XPath Injection) Vulnerability
Critical
CVE-2019-8149
Magento Insufficient Session Expiration Vulnerability
Critical
CVE-2021-21016
Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Critical