5 matches found
Remote Code Execution (RCE)
openmage/magento-lts is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to insufficient input validation, which allows an administrator with file upload permission to create products, resulting in arbitrary code execution via the convert profile...
CVE-2021-41231 OpenMage LTS DataFlow upload remote code execution vulnerability
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...
GHSA-H632-P764-PJQM DataFlow upload remote code execution vulnerability
Impact: An administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile...
DataFlow upload remote code execution vulnerability
Impact: An administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile...
PT-2023-12376 · Unknown · Openmage Lts
Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22; OpenMage LTS versions prior to 20.0.19. Description: The issue allows an administrator with the permissions to upload files via DataFlow and to create products to execute arbitrary code via the convert...