8 matches found

CNNVD
added 2023/01/28 12:0 a.m., 1 views

OpenMage Magento Lts Security Vulnerability

OpenMage Magento LTS is an e-commerce system from the OpenMage organization. A security vulnerability exists in OpenMage LTS versions prior to 19.4.22 and prior to 20.0.19, which stems from an infinite loop in the malicious code filter...

CVSS 7.5, AI score 7.3, EPSS 0.00274
Exploits: 0, References: 6
Prion
added 2023/01/27 7:15 p.m., 13 views

Information disclosure

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

CVSS 5.8, AI score 7, EPSS 0.01224
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2023/01/27 7:15 p.m., 11 views

Design/Logic Flaw

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

CVSS 6.5, AI score 8.8, EPSS 0.00598
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2023/01/27 4:15 p.m., 16 views

Cross-site request forgery (CSRF)

Magento LTS (Long Term Support) is a community-developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user...

CVSS 4.3, AI score 4.5, EPSS 0.00088
Exploits: 1, References: 3, Affected Software: 1
Positive Technologies
added 2023/01/27 12:0 a.m., 2 views

PT-2023-12374 · Unknown · Openmage Lts

Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22; OpenMage LTS versions prior to 20.0.19. Description: The issue affects OpenMage LTS, an e-commerce platform. Magento admin users with access to the customer media could execute code on the server...

CVSS 7.2, AI score 7.1, EPSS 0.01224
Exploits: 0, References: 9
CNNVD
added 2023/01/27 12:0 a.m., 1 views

OpenMage LTS Command Injection Vulnerability

OpenMage Magento LTS is an e-commerce system from the OpenMage organization. A command injection vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19, which stems from the layout block being able to bypass the block blacklist to execute remote code...

CVSS 8.8, AI score 8.1, EPSS 0.00598
Exploits: 0, References: 6
CNNVD
added 2023/01/27 12:0 a.m., 0 views

OpenMage LTS Command Injection Vulnerability

OpenMage Magento LTS is an e-commerce system from the OpenMage organization. A command injection vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19, which stems from Custom Layout enabling an administrator user to execute arbitrary commands via the block method...

CVSS 7.2, AI score 7.5, EPSS 0.00724
Exploits: 0, References: 6
CNNVD
added 2023/01/27 12:0 a.m., 2 views

OpenMage Magento Lts Cross-Site Request Forgery Vulnerability

OpenMage Magento LTS is an e-commerce system from the OpenMage organization. A cross-site request forgery vulnerability exists in Magento LTS versions prior to 19.4.22 and prior to 20.0.19, which stems from the password reset form being vulnerable to a cross-site request forgery attack...

CVSS 4.3, AI score 4.8, EPSS 0.00088
Exploits: 1, References: 5