2 matches found
CVE-2020-26295
OpenMage (Magento CE fork) is affected in versions before 19.4.10 and 20.0.5. An administrator with permissions to import/export data and edit CMS pages could inject an executable file on the server via layout XML. The issue is fixed in 19.4.10 and 20.0.5; upgrade to these versions or later to re...
CVE-2020-26252
CVE-2020-26252 affects OpenMage prior to versions 19.4.10 and 20.0.6, where an administrator with permission to update product data can store an executable file on the server and load it through layout XML, enabling remote code execution. The issue is fixed in OpenMage versions 19.4.10 and 20.0.6...