7 matches found
EUVD-2020-18857
Malware in sbrugna...
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions, an administrator with permission to update product data is able to store an executable file on the server...
CVE-2020-26295
OpenMage (Magento CE fork) is affected in versions before 19.4.10 and 20.0.5. An administrator with permissions to import/export data and edit CMS pages could inject an executable file on the server via layout XML. The issue is fixed in 19.4.10 and 20.0.5; upgrade to these versions or later to re...
Remote code execution
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions, an administrator with permission to update product data is able to store an executable file on the server...
CVE-2020-26252
CVE-2020-26252 affects OpenMage prior to versions 19.4.10 and 20.0.6, where an administrator with permission to update product data can store an executable file on the server and load it through layout XML, enabling remote code execution. The issue is fixed in OpenMage versions 19.4.10 and 20.0.6...
Magento Community Edition 2.1.x < 2.1.2 Multiple Vulnerabilities
Binary data 8965.prm...
CVE-2015-1399
Magento CE 1.9.1.0 and EE 1.14.1.0 are affected by a PHP Remote Code Execution via the fetchView() in Mage_Core_Block_Template_Zend, caused by insufficient security checks when including a URL through setScriptPath. An authenticated administrator could execute arbitrary PHP on the server. No expl...