CVE-2020-26295 CMS Editor code execution

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...

OpenMage Magento Lts 代码问题漏洞

OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A security vulnerability in OpenMage Magento Lts before versions 19.4.10 and 20.0.5 can be exploited by an attacker to remotely execute code, which can be injected into the server by an administrator with the privilege to...

OpenMage Magento Lts 路径遍历漏洞

OpenMage Magento Lts is an e-commerce system organized by OpenMage. A security vulnerability exists in OpenMage Magento Lts before versions 19.4.10 and 20.0.5, which originates from the fact that an administrator with privileges to import and export data and edit cms pages can inject executable...