3 matches found
CVE-2021-39217
creationtimestamp| type| source ---|---|--- 2023-01-27 20:45:40+00:00| seen| https://t.me/cibsecurity/57075...
CVE-2021-39217
OpenMage LTS (Magento-LTS) is affected in versions prior to 19.4.22 and 20.0.19, where Custom Layout allowed an admin to execute arbitrary commands via block methods. The issue stems from how Custom Layout updates can invoke block methods, enabling command execution. Patches exist in 19.4.22 and ...
CVE-2021-39217 OpenMage LTS arbitrary command execution in custom layout update through blocks
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue...