Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openmage openmage vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2021-32758
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
Openmage Openmage
578
VMScore
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on ...
Openmage Openmage
578
VMScore
CVE-2020-26295
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from...
Openmage Openmage
578
VMScore
CVE-2020-26285
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to ...
Openmage Openmage
356
VMScore
CVE-2020-15151
OpenMage LTS prior to 19.4.6 and 20.0.2 allows malicious users to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19....
Openmage Openmage Long Term Support
Magento Magento
NA
CVE-2021-41143
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Openmage Magento
NA
CVE-2021-41144
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Openmage Magento
578
VMScore
CVE-2021-32759
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions before 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 hav...
Openmage Magento
NA
CVE-2023-23617
OpenMage LTS is an e-commerce platform. Versions before 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.
Openmage Magento
NA
CVE-2021-21395
Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions before 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is cl...
Openmage Magento
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »