Lucene search
+L

12 matches found

redhatcve
redhatcve
added 2026/04/21 7:23 p.m.11 views

CVE-2026-25525

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

4.9CVSS5.8AI score0.00502EPSS
Exploits1References1
euvd
euvd
added 2026/04/21 2:35 p.m.5 views

EUVD-2026-23891

OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module...

4.9CVSS5.7AI score0.00502EPSS
Exploits1References5
osv
osv
added 2026/04/21 2:35 p.m.4 views

GHSA-6VQF-6FHM-7RC6 OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module

The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...

4.9CVSS5.9AI score0.00502EPSS
Exploits1References6
github
github
added 2026/04/21 2:35 p.m.12 views

OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module

The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...

4.9CVSS5.9AI score0.00502EPSS
Exploits1References6Affected Software1
nvd
nvd
added 2026/04/20 5:16 p.m.7 views

CVE-2026-25525

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

4.9CVSS0.00502EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/04/20 4:14 p.m.5 views

CVE-2026-25525 OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

4.9CVSS5.8AI score0.00502EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/04/20 4:14 p.m.2 views

CVE-2026-25525

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

4.9CVSS5.8AI score0.00502EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/04/20 4:14 p.m.36 views

CVE-2026-25525 OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

4.9CVSS0.00502EPSS
Exploits1References1
cve
cve
added 2026/04/20 4:14 p.m.26 views

CVE-2026-25525

OpenMage LTS (Magento Long Term Support) Dataflow module before 20.17.0 is affected by a path traversal filter bypass. The weak blacklist uses str_replace('../', '', $input), which can be bypassed with patterns like ..././ or ....//, still resulting in ../ after replacement. An authenticated admi...

4.9CVSS5.8AI score0.00502EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/04/20 4:14 p.m.2 views

CVE-2026-25525 OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

4.9CVSS6AI score0.00502EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/04/20 12:0 a.m.12 views

OpenMage Magento Lts(Magento) 安全漏洞

OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from the Dataflow module’s use of a weak blacklist filter to prevent path traversal...

4.9CVSS5.9AI score0.00502EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/04/20 12:0 a.m.8 views

PT-2026-33797

The Dataflow module in OpenMage LTS uses a weak blacklist filter str replace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to re...

4.9CVSS6AI score0.00502EPSS
Exploits1References8
Rows per page
Query Builder