75 matches found

Cvelist, added 2026/05/15 5:5 p.m., 35 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

CVSS 9.3, EPSS 0.00055
Exploits: 0, References: 1
CVE, added 2026/05/15 5:5 p.m., 12 views

CVE-2026-42155

Summary of CVE-2026-42155 (Magento OpenMage LTS): The issue affects OpenMage/magento-lts OpenMage LTS releases via the legacy API session ID generation in Mage_Api_Model_Session::start(), where the session ID is md5(time() . uniqid('', true) . (possibly null sessionName)). This yields very low en...

CVSS 9.3, AI score 5.9, EPSS 0.00055
Exploits: 0, References: 1
ATTACKERKB, added 2026/05/15 5:5 p.m., 4 views

CVE-2026-42155

Magento Long Term Support LTS is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

CVSS 9.3, AI score 5.9, EPSS 0.00055
Exploits: 0, References: 2, Affected Software: 1
CVE, added 2026/05/15 5:2 p.m., 8 views

CVE-2026-42458

CVE-2026-42458 (Magento LTS/OpenMage Magento-LTS): A reflected XSS in the admin Import/Export Dataflow - Profiles feature allows injection via the filename parameter in the Dataflow Import path. Affected: OpenMage/magento-lts (unofficial Magento LTS) prior to version 20.18.0. Evidence across sou...

CVSS 5.3, AI score 5.8, EPSS 0.00062
Exploits: 0, References: 1
CNNVD, added 2026/05/15 12:0 a.m., 7 views

magento-lts Security Feature Issue Vulnerability

Magento LTS is an open-source alternative to OpenMage, designed as a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities. These vulnerabilities stemmed from the XML-RPC/SOAP API session IDs using time-based, outdated...

CVSS 9.3, AI score 5.8, EPSS 0.00055
Exploits: 0, References: 1
CNNVD, added 2026/05/15 12:0 a.m., 6 views

magento-lts Input Validation Error Vulnerability

Magento LTS is an open-source alternative to Magento CE, designed to be a reliable replacement for the official Magento version. Versions of Magento LTS prior to 20.18.0 contained a vulnerability related to input validation. This vulnerability stemmed from the...

CVSS 6.1, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 1
Github Security Blog, added 2026/05/06 8:57 p.m., 6 views

Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to reproduce: Login to the admin panel; go to the path System - Import/Export - Dataflow - Profiles; select profile direction as Import; click on Import Customers; upload the file...

CVSS 5.3, AI score 5.8, EPSS 0.00062
Exploits: 0, References: 3, Affected Software: 1
Snyk, added 2026/05/05 8:11 p.m., 3 views

Open Redirect

Overview: openmage/magento-lts is an unofficial community-driven project. Affected versions of this package are vulnerable to Open Redirect via the stockAction process. An attacker can redirect authenticated users to arbitrary external websites by supplying a craft...

CVSS 6.1, AI score 5.9, EPSS 0.00029
Exploits: 0, References: 2
Snyk, added 2026/05/05 7:35 p.m., 8 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview: openmage/magento-lts is an unofficial community-driven project. Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the start function. An attacker can gain unauthorized access to active...

CVSS 9.4, AI score 5.8, EPSS 0.00055
Exploits: 0, References: 4
EUVD, added 2026/04/21 3:20 p.m., 3 views

EUVD-2026-23903

OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure...

CVSS 5.3, AI score 5.7, EPSS 0.0002
Exploits: 1, References: 4
Snyk, added 2026/04/20 7:31 p.m., 3 views

Directory Traversal

Overview: openmage/magento-lts is an unofficial community-driven project. Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...

CVSS 8.5, AI score 6.6, EPSS 0.00068
Exploits: 1, References: 3
Snyk, added 2026/04/20 7:31 p.m., 1 view

Missing Authorization

Overview: openmage/magento-lts is an unofficial community-driven project. Affected versions of this package are vulnerable to Missing Authorization through the MageWishlistSharedController shared wishlist item flow. An attacker can access or manipulate wishlist ite...

CVSS 5.4, AI score 5.5, EPSS 0.0002
Exploits: 1, References: 2
CNNVD, added 2026/04/20 12:0 a.m., 4 views

OpenMage Magento Lts (Magento) Security Vulnerability

OpenMage Magento Lts (Magento) is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from defects in the authorization logic for adding shared wish lists to the shopping car...

CVSS 5.4, AI score 5.8, EPSS 0.0002
Exploits: 1, References: 1
CNNVD, added 2026/04/20 12:0 a.m., 5 views

OpenMage Magento Lts (Magento) Security Vulnerability

OpenMage Magento Lts (Magento) is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from incomplete blocklists used during the upload of product customization files, which...

CVSS 8.8, AI score 6.1, EPSS 0.0009
Exploits: 1, References: 1
CNNVD, added 2026/04/20 12:0 a.m., 8 views

OpenMage Magento Lts (Magento) Security Vulnerability

OpenMage Magento Lts (Magento) is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from the Dataflow module's use of a weak blacklist filter to prevent path traversal...

CVSS 4.9, AI score 5.9, EPSS 0.00068
Exploits: 1, References: 2
Veracode, added 2026/02/09 8:52 p.m., 3 views

Sensitive Information Disclosure

openmage/magento-lts is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of the X-Original-Url header in certain configurations, which allows an attacker to discover the admin URL without prior knowledge of its location...

CVSS 5.3, AI score 5.5, EPSS 0.00011
Exploits: 0, References: 3, Affected Software: 1
Snyk, added 2026/02/02 11:12 p.m., 1 view

Information Exposure

Overview: openmage/magento-lts is an unofficial community-driven project. Affected versions of this package are vulnerable to Information Exposure via the X-Original-Url header. An attacker can obtain sensitive information about the administrative interface locatio...

CVSS 6.9, AI score 5.8, EPSS 0.00011
Exploits: 0, References: 2
Veracode, added 2025/12/13 6:52 a.m., 2 views

Cross-site Scripting (XSS)

Magento-lts is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unescaped translation strings and URLs rendered in the admin notification grid, which allows an attacker with database or feed access to inject malicious scripts into vulnerable fields...

CVSS 4.8, AI score 5.8, EPSS 0.00034
Exploits: 1, References: 4, Affected Software: 1
EUVD, added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-0845

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.00405
Exploits: 2, References: 3
EUVD, added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0819

Malware in sbrugna...

CVSS 9.1, AI score 8, EPSS 0.00636
Exploits: 0, References: 3