Lucene search
K

184 matches found

OSV
OSV
added 2023/01/27 7:15 p.m.20 views

CVE-2021-41144

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

8.8CVSS8.9AI score
Exploits0References4
NVD
NVD
added 2023/01/27 7:15 p.m.23 views

CVE-2021-41143

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

7.2CVSS7AI score0.01293EPSS
Exploits0References4
NVD
NVD
added 2023/01/27 7:15 p.m.58 views

CVE-2021-41144

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

8.8CVSS8.8AI score0.01166EPSS
Exploits0References4
OSV
OSV
added 2023/01/27 7:15 p.m.15 views

CVE-2021-41143

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

7.2CVSS7.1AI score
Exploits0References4
Prion
Prion
added 2023/01/27 7:15 p.m.25 views

Design/Logic Flaw

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

6.5CVSS8.8AI score0.01166EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/01/27 7:15 p.m.24 views

Design/Logic Flaw

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

5.8CVSS7.2AI score0.01235EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/01/27 7:15 p.m.23 views

Information disclosure

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

5.8CVSS7AI score0.01293EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/01/27 6:15 p.m.12 views

CVE-2021-39217

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue...

7.2CVSS7.3AI score
Exploits0References4
NVD
NVD
added 2023/01/27 6:15 p.m.36 views

CVE-2021-39217

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue...

7.2CVSS7.3AI score0.01319EPSS
Exploits0References4
Prion
Prion
added 2023/01/27 6:15 p.m.20 views

Design/Logic Flaw

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue...

5.8CVSS7.2AI score0.01319EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/27 6:12 p.m.7 views

CVE-2021-41231 OpenMage LTS DataFlow upload remote code execution vulnerability

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

7.2CVSS7.5AI score0.01235EPSS
Exploits0References4
CVE
CVE
added 2023/01/27 6:12 p.m.75 views

CVE-2021-41231

OpenMage LTS (Magento LTS) is affected by CVE-2021-41231. The vulnerability allows an administrator with DataFlow upload permissions and the ability to create products to execute arbitrary code via the convert profile. Affected versions are prior to 19.4.22 and 20.0.19; these versions require a p...

7.2CVSS7.2AI score0.01235EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/01/27 6:12 p.m.66 views

CVE-2021-41231 OpenMage LTS DataFlow upload remote code execution vulnerability

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

7.2CVSS7.5AI score0.01235EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/01/27 6:8 p.m.61 views

CVE-2021-41144 OpenMage LTS authenticated remote code execution through layout update

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

8.8CVSS9AI score0.01166EPSS
Exploits0References4
CVE
CVE
added 2023/01/27 6:8 p.m.81 views

CVE-2021-41144

OpenMage LTS (Magento LTS) prior to versions 19.4.22 and 20.0.19 is affected by CVE-2021-41144, where a layout block could bypass the block blacklist and achieve remote code execution. The root cause is insufficient validation in layout processing that lets an attacker inject and run code through...

8.8CVSS8.8AI score0.01166EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/27 6:8 p.m.4 views

CVE-2021-41144 OpenMage LTS authenticated remote code execution through layout update

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

8.8CVSS9AI score0.01166EPSS
Exploits0References4
CVE
CVE
added 2023/01/27 6:2 p.m.91 views

CVE-2021-41143

CVE-2021-41143 affects OpenMage LTS (Magento-based) where admin users with access to customer media could trigger server-side code execution. The issue is a path traversal vulnerability that allows arbitrary file deletion and code execution, present in OpenMage LTS versions prior to 19.4.22 and 2...

7.2CVSS7AI score0.01293EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/01/27 6:2 p.m.20 views

CVE-2021-41143 OpenMage LTS arbitrary file deletion in customer media allows for remote code execution

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

7.2CVSS7.2AI score0.01293EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/01/27 6:2 p.m.5 views

CVE-2021-41143 OpenMage LTS arbitrary file deletion in customer media allows for remote code execution

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

7.2CVSS7.2AI score0.01293EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/01/27 5:57 p.m.5 views

CVE-2021-39217 OpenMage LTS arbitrary command execution in custom layout update through blocks

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue...

7.2CVSS7.5AI score0.01319EPSS
Exploits0References4
Rows per page
Query Builder