16 matches found
CVE-2026-34480
Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...
EUVD-2020-18848
Malware in sbrugna...
CVE-2021-32758
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched...
CVE-2020-26295
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...
PT-2024-40414 · Adobe · Magento Open Source +1
Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 1.9.0.0 through 1.14.3.9 Magento Open Source versions 1.5.0.0 through 1.9.3.9 Description: The issue concerns various security vulnerabilities, including authenticated Admin user remote code execution RCE, cross-site...
Remote Code Execution (RCE)
magento-lts is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by injecting malicious code via the block methods through layout XML...
CVE-2021-32758 Layout XML Arbitrary Code Fix
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched...
OpenMage Magento Lts Injection Vulnerability
OpenMage Magento Lts is an e-commerce system organized by OpenMage. A security vulnerability exists in OpenMage Magento Lts before versions 19.4.10 and 20.0.5, which originates from the fact that an administrator with privileges to import and export data and edit cms pages can inject executable...
CVE-2020-26295
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...
Design/Logic Flaw
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...
CVE-2020-26295 CMS Editor code execution
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...
OpenMage Magento Lts 路径遍历漏洞
OpenMage Magento Lts is an e-commerce system organized by OpenMage. A security vulnerability exists in OpenMage Magento Lts before versions 19.4.10 and 20.0.5, which originates from the fact that an administrator with privileges to import and export data and edit cms pages can inject executable...
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server...
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server...
Remote code execution
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server...
CVE-2020-26252 Layout XML RCE Vulnerability in OpenMage
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server...