Magento 漏洞列表

Magento是一款开源的电子商务平台，广泛应用于在线商店和电子商务网站。该漏洞存在于接口/rest/all/V1/guest-carts/test-assetnote/estimate-shipping-methods中，攻击者可以通过构造恶意的XML数据触发XXE（XML外部实体）注入漏洞，从而读取服务器上的任意文件或发起外部请求，可能导致敏感信息泄露。

Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage.

Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.

Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage.

Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.

Magento configuration panel was detected. Misconfigured instances of Magento may disclose usernames, passwords, and database configurations via /app/etc/local.xml.

Magento is susceptible to the Installation page exposure due to misconfiguration.

Magento Cacheleak is an implementation vulnerability, result of bad implementation of web-server configuration for Magento platform. Magento was developed to work under the Apache web-server which natively works with .htaccess files, so all needed configuration directives specific for various internal Magento folders were placed in .htaccess files. When Magento is installed on web servers that are ignoring .htaccess files (such as nginx), an attacker can get access to internal Magento folders (such as the Magento cache directory) and extract sensitive information from cache files.

Magento version 1.9.2.x includes /dev directories or files that might reveal your passwords and other sensitive information. The /dev directories and files are not protected by default. According to Magento, "these tests are not supposed to end up on production servers".

Adobe Commerce and Magento Open Source中存在存储型跨站脚本漏洞。该漏洞是由于在结帐页面上显示给用户的传输策略中对用户数据进行了不正确的清理。

Magento是美国Magento公司的一套开源的PHP电子商务系统，它提供权限管理、搜索引擎和支付网关等功能。Magento Community Edition（CE）是一个社区版。MAGMI（又名Magento Mass Importer）是其中的一个用于将大量的产品目录导入到Magento系统中的插件。 Magento CE MAGMI插件0.7.17a及之前版本的magmi/web/magmi.php脚本中存在任意文件上传漏洞。远程攻击者可借助ZIP文件中特制的PHP文件利用该漏洞执行任意代码。