23 matches found

Snyk
added 2026/05/05 7:35 p.m. | 8 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview: openmage/magento-lts ("This repository is the home of an unofficial community-driven project"). Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the start function. An attacker can gain unauthorized access to active...

CVSS 9.4 | AI score 5.8 | EPSS 0.00055
Exploits 0 | References 4

Snyk
added 2026/04/20 7:31 p.m. | 3 views

Directory Traversal

Overview: openmage/magento-lts ("This repository is the home of an unofficial community-driven project"). Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...

CVSS 8.5 | AI score 6.6 | EPSS 0.00068
Exploits 1 | References 3

Snyk
added 2026/04/20 7:31 p.m. | 2 views

Arbitrary File Upload

Overview: openmage/magento-lts ("This repository is the home of an unofficial community-driven project"). Affected versions of this package are vulnerable to Arbitrary File Upload due to an incomplete blocklist in the file upload process. An attacker can execute arbitrary code on the server by...

CVSS 8.8 | AI score 6.1 | EPSS 0.0009
Exploits 1 | References 2

CNNVD
added 2026/04/20 12:0 a.m. | 4 views

OpenMage Magento Lts (Magento) Security Vulnerability

OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from defects in the authorization logic for adding shared wish lists to the shopping car...

CVSS 5.4 | AI score 5.8 | EPSS 0.0002
Exploits 1 | References 1

CNNVD
added 2026/04/20 12:0 a.m. | 5 views

OpenMage Magento Lts (Magento) Security Vulnerability

OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from incomplete blocklists used during the upload of product customization files, which...

CVSS 8.8 | AI score 6.1 | EPSS 0.0009
Exploits 1 | References 1

CNNVD
added 2026/04/20 12:0 a.m. | 5 views

OpenMage Magento Lts (Magento) Security Vulnerability

OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from potential deserialization attacks when handling phar:// paths, which could lead to...

CVSS 8.1 | AI score 6.1 | EPSS 0.00389
Exploits 1 | References 1

Veracode
added 2026/02/09 8:52 p.m. | 4 views

Sensitive Information Disclosure

openmage/magento-lts is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of the X-Original-Url header in certain configurations, which allows an attacker to discover the admin URL without prior knowledge of its location...

CVSS 5.3 | AI score 5.5 | EPSS 0.00011
Exploits 0 | References 3 | Affected Software 1

Snyk
added 2026/02/02 11:12 p.m. | 1 view

Information Exposure

Overview: openmage/magento-lts ("This repository is the home of an unofficial community-driven project"). Affected versions of this package are vulnerable to Information Exposure via the X-Original-Url header. An attacker can obtain sensitive information about the administrative interface locatio...

CVSS 6.9 | AI score 5.8 | EPSS 0.00011
Exploits 0 | References 2

Circl
added 2025/11/01 12:0 a.m. | 1 view

CVE-2025-64174

creationtimestamp | type | source
---|---|---
2025-11-01 00:00:54+00:00 | published-proof-of-concept | https://github.com/OpenMage/magento-lts/security/advisories/GHSA-qv78-c8hc-438r...

CVSS 4.8 | AI score 5.8 | EPSS 0.00034
Exploits 1 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-1505

Malware in sbrugna...

CVSS 9 | AI score 6.9 | EPSS 0.0036
Exploits 0 | References 7

RedhatCVE
added 2025/05/22 7:45 p.m. | 6 views

CVE-2021-32758

OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched...

CVSS 9 | AI score 7.7 | EPSS 0.0036
Exploits 0 | References 1

Snyk
added 2025/03/03 7:47 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: openmage/magento-lts ("This repository is the home of an unofficial community-driven project"). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Skin Images / CSS config field when it contains an end script tag. An attacker can manipulate the web page...

CVSS 2.9 | AI score 5.3 | EPSS 0.00198
Exploits 0 | References 2

CNNVD
added 2023/09/11 12:0 a.m. | 3 views

OpenMage Magento Lts Security Feature Issue Vulnerability

OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A security signature issue vulnerability exists in OpenMage Magento Lts that originates from allowing to view visitor orders without authentication...

CVSS 7.5 | AI score 6.8 | EPSS 0.00128
Exploits 1 | References 6

Veracode
added 2023/02/22 8:4 a.m. | 14 views

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to insufficient input validation which allows an administrator with upload file permission to create products which results in arbitrary code execution via the convert profile...

CVSS 7.2 | AI score 5.8 | EPSS 0.00992
Exploits 0 | References 6 | Affected Software 1

Veracode
added 2023/02/02 4:51 a.m. | 27 views

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the lack of validation in the $this, $callback, and $alias parameters in the getChildGroup function of Abstract.php, allowing an attacker to bypass the block blacklist and inject and execute malicious...

CVSS 8.8 | AI score 6.8 | EPSS 0.00598
Exploits 0 | References 6 | Affected Software 1

Veracode
added 2023/02/02 3:29 a.m. | 22 views

Denial Of Service (DoS)

openmage/magento-lts is vulnerable to Denial Of Service (DoS). The vulnerability exists in the filter function of MaliciousCode.php, allowing an attacker to cause an application crash through an infinite loop by providing malicious input...

CVSS 7.5 | AI score 7.1 | EPSS 0.00274
Exploits 0 | References 6 | Affected Software 1

CNNVD
added 2023/01/27 12:0 a.m. | 4 views

OpenMage Magento Lts Cross-Site Request Forgery Vulnerability

OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A cross-site request forgery vulnerability exists in Magento LTS versions prior to 19.4.22, 20.0.19 and prior to 20.0.19, which stems from the password reset form being vulnerable to a cross-site request forgery attack...

CVSS 4.3 | AI score 4.8 | EPSS 0.00088
Exploits 1 | References 5

Cvelist
added 2021/08/27 5:30 p.m. | 15 views

CVE-2021-32758 Layout XML Arbitrary Code Fix

OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched...

CVSS 7.2 | AI score 7.5 | EPSS 0.0036
Exploits 0 | References 3

CNNVD
added 2021/08/27 12:0 a.m. | 3 views

OpenMage Magento Lts Input Validation Error Vulnerability

OpenMage Magento Lts Magento, an e-commerce system from the OpenMage organization, is vulnerable to an input validation error in versions prior to OpenMage Magento LTS 19.4.15 and 20.0.13, which can be exploited by attackers to upload arbitrary executable files to the server...

CVSS 7.2 | AI score 5.8 | EPSS 0.0055
Exploits 0 | References 4

Veracode
added 2021/04/22 3:11 a.m. | 27 views

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to remote code execution. An attacker is able to upload malicious code via the callbackOptions array due to the lack of validation of the uploaded classes are of Zend3 feature objects...

CVSS 9.8 | AI score 4.4 | EPSS 0.00405
Exploits 2 | References 1 | Affected Software 1