Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openmage openmage vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-32758
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
Openmage Openmage
6.5
CVSSv2
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on ...
Openmage Openmage
6.5
CVSSv2
CVE-2020-26285
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to ...
Openmage Openmage
6.5
CVSSv2
CVE-2020-26295
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from...
Openmage Openmage
4
CVSSv2
CVE-2020-15151
OpenMage LTS prior to 19.4.6 and 20.0.2 allows malicious users to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19....
Openmage Openmage Long Term Support
Magento Magento
NA
CVE-2021-41143
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Openmage Magento
NA
CVE-2021-41144
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Openmage Magento
NA
CVE-2021-41231
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for th...
Openmage Magento
NA
CVE-2023-41879
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a bru...
Openmage Magento
NA
CVE-2021-21395
Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions before 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is cl...
Openmage Magento
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »