11 matches found
CVE-2026-25525
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...
EUVD-2026-23891
OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module...
GHSA-6VQF-6FHM-7RC6 OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module
The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...
OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module
The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...
CVE-2026-25525
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...
CVE-2026-25525 OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...
CVE-2026-25525
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...
CVE-2026-25525
OpenMage LTS (Magento Long Term Support) Dataflow module before 20.17.0 is affected by a path traversal filter bypass. The weak blacklist uses str_replace('../', '', $input), which can be bypassed with patterns like ..././ or ....//, still resulting in ../ after replacement. An authenticated admi...
CVE-2026-25525 OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...
PT-2026-33797
The Dataflow module in OpenMage LTS uses a weak blacklist filter str replace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to re...
OpenMage Magento Lts(Magento) 安全漏洞
OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from the Dataflow module’s use of a weak blacklist filter to prevent path traversal...