18 matches found
CVE-2021-21426
CVE-2021-21426 relates to Magento-lts (versions <= 19.4.12 and
CVE-2020-15244
CVE-2020-15244 affects OpenMage/magento-lts within Magento: prior to versions 19.4.8 and 20.0.4, an admin can generate SOAP credentials that enable PHP Object Injection through product attributes and a product, leading to remote code execution. The issue is patched in 19.4.8 and 20.0.4.
CVE-2021-41143
CVE-2021-41143 affects OpenMage LTS (Magento-based) where admin users with access to customer media could trigger server-side code execution. The issue is a path traversal vulnerability that allows arbitrary file deletion and code execution, present in OpenMage LTS versions prior to 19.4.22 and 2...
CVE-2023-23617
OpenMage LTS (OpenMage Magento LTS) is affected by CVE-2023-23617. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in the MaliciousCode filter under certain conditions, enabling a Denial of Service. The fixed releases are 19.4.22 and 20.0.19, which address this issue. Other connect...
CVE-2021-32759
OpenMage magento-lts before versions 19.4.15 and 20.0.13 are affected by a data-flow sanitation flaw that allowed admin users to upload arbitrary executable files to the server. The issue is mitigated by patches introduced in OpenMage 19.4.15 and 20.0.13. The connected sources consistently descri...
CVE-2021-41144
OpenMage LTS (Magento LTS) prior to versions 19.4.22 and 20.0.19 is affected by CVE-2021-41144, where a layout block could bypass the block blacklist and achieve remote code execution. The root cause is insufficient validation in layout processing that lets an attacker inject and run code through...
CVE-2021-41231
OpenMage LTS (Magento LTS) is affected by CVE-2021-41231. The vulnerability allows an administrator with DataFlow upload permissions and the ability to create products to execute arbitrary code via the convert profile. Affected versions are prior to 19.4.22 and 20.0.19; these versions require a p...
CVE-2021-21427
CVE-2021-21427 applies to Magento-lts, a long-term support variant of Magento CE. The vulnerability is a backport of CVE-2021-21024 and affects magento-lts versions before 19.4.13 and 20.0.9, where an administrator could gain unauthorized access to restricted resources. The issue is mitigated by ...
CVE-2021-21395
Magneto LTS (OpenMage Magento LTS) is vulnerable to Cross-Site Request Forgery in the password reset flow. Affected versions are prior to 19.4.22 and 20.0.19, where the password reset form is susceptible to CSRF between the time the reset link is clicked and the user submits a new password. The i...
CVE-2021-39217
OpenMage LTS (Magento-LTS) is affected in versions prior to 19.4.22 and 20.0.19, where Custom Layout allowed an admin to execute arbitrary commands via block methods. The issue stems from how Custom Layout updates can invoke block methods, enabling command execution. Patches exist in 19.4.22 and ...
CVE-2023-41879
CVE-2023-41879 affects Magento OpenMage LTS (Magento LTS) where a guest-order retrieval cookie, guest-view, contains a 6-hex-protect_code. The short entropy (24 bits) enables brute-forcing to view guest orders without authentication, exposing billing/shipping data and order items. Multiple source...
CVE-2024-41676
Magento LTS (OpenMage Magento-lts) is affected by an XSS in system config fields design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt due to missing escaping. The issue allows input of arbitrary HTML/JavaScript and is mitigated by upgrading to ve...
CVE-2026-25525
OpenMage LTS (Magento Long Term Support) Dataflow module before 20.17.0 is affected by a path traversal filter bypass. The weak blacklist uses str_replace('../', '', $input), which can be bypassed with patterns like ..././ or ....//, still resulting in ../ after replacement. An authenticated admi...
CVE-2026-25523
Magento-lts versions prior to 20.16.1 are affected: the admin URL can be discovered without prior knowledge by exploiting the X-Original-Url header in certain configurations. The root cause is exposure via the X-Original-Url header; patches exist and are applied in version 20.16.1. Several connec...
CVE-2025-64174
CVE-2025-64174 concerns the OpenMage/magento-lts project. A stored XSS vulnerability affects versions 20.15.0 and earlier, allowing an admin (with direct database access or via the admin notification feed) to inject malicious scripts through unescaped translation strings and URLs rendered in app/...
CVE-2026-40488
OpenMage LTS (Magento LTS) before 20.17.0 uses an incomplete blocklist (forbidden_extensions = php,exe) for custom option file uploads. This can be bypassed by using alternative PHP executable extensions such as .phtml, .phar, .php3, .php4, .php5, .php7, and .pht, allowing files to be uploaded to...
CVE-2026-25524
OpenMage LTS (Magento LTS unofficial fork) before v20.17.0 is affected by a Phar deserialization flaw. PHP functions getimagesize(), file_exists(), and is_readable() can deserialize when given phar:// stream wrapper paths, used during image validation/media handling with controllable file paths. ...
CVE-2026-40098
CVE-2026-40098 affects OpenMage LTS (Magento-based) prior to version 20.17.0. The shared wishlist add-to-cart endpoint improperly authorizes via a public sharing_code while loading the target wishlist item by a separate global wishlist_item_id, failing to verify ownership. This enables an attacke...