Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.16 views

CVE-2026-25524

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as getimagesize, fileexists, and isreadable can trigger...

8.1CVSS6AI score0.00539EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/21 2:35 p.m.4 views

EUVD-2026-23891

OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module...

4.9CVSS5.7AI score0.00502EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/20 4:23 p.m.3 views

CVE-2026-40488 OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete...

8.7CVSS6AI score0.00691EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33797

The Dataflow module in OpenMage LTS uses a weak blacklist filter str replace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to re...

4.9CVSS6AI score0.00502EPSS
Exploits1References8
Rows per page
Query Builder