Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to remote code execution. An attacker is able to upload malicious code via the callbackOptions array due to the lack of validation of the uploaded classes are of Zend3 feature objects...