Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openmage openmage vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-32758
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
Openmage Openmage
7.2
CVSSv3
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on ...
Openmage Openmage
7.2
CVSSv3
CVE-2020-26285
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to ...
Openmage Openmage
7.2
CVSSv3
CVE-2020-26295
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from...
Openmage Openmage
8
CVSSv3
CVE-2020-15151
OpenMage LTS prior to 19.4.6 and 20.0.2 allows malicious users to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19....
Openmage Openmage Long Term Support
Magento Magento
7.2
CVSSv3
CVE-2021-41231
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for th...
Openmage Magento
8.8
CVSSv3
CVE-2021-41144
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Openmage Magento
7.2
CVSSv3
CVE-2021-41143
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Openmage Magento
7.2
CVSSv3
CVE-2021-32759
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions before 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 hav...
Openmage Magento
4.3
CVSSv3
CVE-2021-21395
Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions before 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is cl...
Openmage Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »