7 matches found

RedhatCVE
added 2026/06/05 7:23 p.m. | 7 views

CVE-2026-25524

Magento Long Term Support LTS is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, file_exists, and is_readable can trigger...

CVSS 8.1 | AI score 6 | EPSS 0.00539
Exploits: 1 | References: 1
EUVD
added 2026/04/21 2:35 p.m. | 2 views

EUVD-2026-23891

OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module...

CVSS 4.9 | AI score 5.7 | EPSS 0.00502
Exploits: 1 | References: 5
EUVD
added 2026/04/21 2:32 p.m. | 1 view

EUVD-2026-23889

OpenMage LTS: Phar Deserialization leads to Remote Code Execution...

CVSS 8.1 | AI score 5.8 | EPSS 0.00539
Exploits: 1 | References: 3
Vulnrichment
added 2026/04/20 4:23 p.m. | 1 view

CVE-2026-40488 OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution

Magento Long Term Support LTS is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete...

CVSS 8.7 | AI score 6 | EPSS 0.00691
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/20 12:00 a.m. | 3 views

PT-2026-33803

Name of the Vulnerable Software and Affected Versions: Magento Long Term Support LTS versions prior to 20.17.0. Description: The product custom option file upload feature uses an incomplete blocklist (forbidden_extensions = php,exe) to prevent dangerous file uploads. This restriction can be bypassed b...

CVSS 8.8 | AI score 6.3 | EPSS 0.00691
Exploits: 1 | References: 9
Positive Technologies
added 2026/04/20 12:00 a.m. | 2 views

PT-2026-33797

The Dataflow module in OpenMage LTS uses a weak blacklist filter (str_replace('../', '', $input)) to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to re...

CVSS 4.9 | AI score 6 | EPSS 0.00502
Exploits: 1 | References: 8
CNNVD
added 2023/01/27 12:00 a.m. | 32 views

OpenMage Magento Lts code issue vulnerability

OpenMage Magento Lts is an e-commerce system from the OpenMage organization. A code issue vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19: an administrator who has the right to upload files and create products via DataFlow can execute arbitrary code...

CVSS 7.2 | AI score 7.4 | EPSS 0.01235
Exploits: 0 | References: 6