4 matches found

Prion
added 2023/01/27 7:15 p.m. | 23 views

Information disclosure

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

CVSS 5.8 | AI score 7 | EPSS 0.01293
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2023/01/27 7:15 p.m. | 24 views

Design/Logic Flaw

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

CVSS 6.5 | AI score 8.8 | EPSS 0.01166
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2023/01/27 4:15 p.m. | 27 views

Cross-site request forgery (CSRF)

Magento LTS Long Term Support is a community-developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user...

CVSS 4.3 | AI score 4.5 | EPSS 0.00383
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2023/01/27 12:0 a.m. | 5 views

OpenMage LTS command injection vulnerability

OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A command injection vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19, which stems from the layout block being able to bypass the block blacklist to execute remote code...

CVSS 8.8 | AI score 8.1 | EPSS 0.01166
Exploits: 0 | References: 6