Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openmage openmage vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2020-26285
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to ...
Openmage Openmage
7.2
CVSSv3
CVE-2021-32758
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
Openmage Openmage
7.2
CVSSv3
CVE-2020-26295
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from...
Openmage Openmage
7.2
CVSSv3
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage prior to 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on ...
Openmage Openmage
8
CVSSv3
CVE-2020-15151
OpenMage LTS prior to 19.4.6 and 20.0.2 allows malicious users to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19....
Openmage Openmage Long Term Support
Magento Magento
7.2
CVSSv3
CVE-2021-41143
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Openmage Magento
8.8
CVSSv3
CVE-2021-41144
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Openmage Magento
7.5
CVSSv3
CVE-2023-41879
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a bru...
Openmage Magento
7.2
CVSSv3
CVE-2020-15244
In Magento (rubygems openmage/magento-lts package) prior to 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.
Openmage Magento
7.2
CVSSv3
CVE-2021-32759
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions before 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 hav...
Openmage Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »