4 matches found
Information disclosure
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue...
Design/Logic Flaw
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...
Cross site request forgery (csrf)
Magneto LTS Long Term Support is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user...
OpenMage LTS 命令注入漏洞
OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A command injection vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19, which stems from the layout block being able to bypass the block blacklist to execute remote code...