CVE-2021-41144

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the lack of validation in the $this, $callback, and $alias parameters in the getChildGroup function of Abstract.php, allowing an attacker to bypass the block blacklist and inject and execute malicious...

CVE-2021-41144

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

Design/Logic Flaw

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

Fix for authenticated remote code execution through layout update

Impact A layout block was able to bypass the block blacklist to execute remote code...