CVE-2020-26295

2021-01-2114:15:12

Google

osv.dev

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.1%

JSON

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved

CPENameOperatorVersion
magento-ltseq1.9.1.0-lts
magento-ltseq1.5.0.0-alpha2
magento-ltseq1.2.1.2
magento-ltseq1.4.0.0-alpha3
magento-ltseq1.9.3.1
magento-ltseq1.3.1.1
magento-ltseq1.1.1
magento-ltseq1.2.0.3
magento-ltseq1.2.0
magento-ltseq1.4.0.0-beta1

Name	Operator	Version
magento-lts	eq	1.9.1.0-lts
magento-lts	eq	1.5.0.0-alpha2
magento-lts	eq	1.2.1.2
magento-lts	eq	1.4.0.0-alpha3
magento-lts	eq	1.9.3.1
magento-lts	eq	1.3.1.1
magento-lts	eq	1.1.1
magento-lts	eq	1.2.0.3
magento-lts	eq	1.2.0
magento-lts	eq	1.4.0.0-beta1