OpenMage Magento Lts (Magento), an e-commerce system from the OpenMage organization, is vulnerable to an input validation error in versions prior to OpenMage Magento LTS 19.4.15 and 20.0.13, which can be exploited by attackers to upload arbitrary executable files to the server.