15 matches found
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the start function. An attacker can gain unauthorized access to active...
Directory Traversal
Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...
OpenMage Magento Lts (Magento) Security Vulnerability
OpenMage Magento Lts (Magento) is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from defects in the authorization logic for adding shared wish lists to the shopping car...
OpenMage Magento Lts (Magento) Security Vulnerability
OpenMage Magento Lts (Magento) is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from incomplete blocklists used during the upload of product customization files, which...
Sensitive Information Disclosure
openmage/magento-lts is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of the X-Original-Url header in certain configurations, which allows an attacker to discover the admin URL without prior knowledge of its location...
Information Exposure
Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Information Exposure via the X-Original-Url header. An attacker can obtain sensitive information about the administrative interface locatio...
Remote Code Execution (RCE)
openmage/magento-lts is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to insufficient input validation, which allows an administrator with upload file permission to create products, resulting in arbitrary code execution via the convert profile...
Remote Code Execution (RCE)
openmage/magento-lts is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the lack of validation in the $this, $callback, and $alias parameters in the getChildGroup function of Abstract.php, allowing an attacker to bypass the block blacklist and inject and execute malicious...
Denial of Service (DoS)
openmage/magento-lts is vulnerable to Denial of Service (DoS). The vulnerability exists in the filter function of MaliciousCode.php, allowing an attacker to cause an application crash through an infinite loop by providing malicious input...
OpenMage Magento Lts Cross-Site Request Forgery Vulnerability
OpenMage Magento Lts (Magento) is an e-commerce system organized by OpenMage. A cross-site request forgery vulnerability exists in Magento LTS versions prior to 19.4.22 and prior to 20.0.19, which stems from the password reset form being vulnerable to a cross-site request forgery attack...
CVE-2021-32758 Layout XML Arbitrary Code Fix
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. OpenMage versions from v19.4.15 and v20.0.11 onward have this issue patched...
OpenMage Magento Lts Input Validation Error Vulnerability
OpenMage Magento Lts (Magento), an e-commerce system from the OpenMage organization, is vulnerable to an input validation error in versions prior to OpenMage Magento LTS 19.4.15 and 20.0.13, which can be exploited by attackers to upload arbitrary executable files to the server...
Remote Code Execution (RCE)
openmage/magento-lts is vulnerable to remote code execution. An attacker is able to upload malicious code via the callbackOptions array due to the lack of validation that the uploaded classes are Zend3 feature objects...
Privilege Escalation
openmage/magento-lts is vulnerable to privilege escalation. An attacker is able to access the admin console due to a blind SQL injection vulnerability in the Search module...
OpenMage Magento Lts Path Traversal Vulnerability
OpenMage Magento Lts is an e-commerce system organized by OpenMage. A security vulnerability exists in OpenMage Magento Lts before versions 19.4.10 and 20.0.5, which originates from the fact that an administrator with privileges to import and export data and edit cms pages can inject executable...