Magento Lts Security Vulnerabilities and Issues — Magento Lts CVE List

Lucene search

OpenmageMagento Lts

7 matches found

CVE•added 2021/04/21 9:15 p.m.•83 views

CVE-2021-21426

Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework...

9.8CVSS9.3AI score0.79527EPSS

CVE•added 2021/08/27 6:15 p.m.•67 views

CVE-2021-32758

OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.

9CVSS7.3AI score0.00489EPSS

CVE•added 2021/08/27 10:15 p.m.•63 views

CVE-2021-32759

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for thi...

7.2CVSS6.9AI score0.0055EPSS

CVE•added 2021/04/21 9:15 p.m.•58 views

CVE-2021-21427

Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in ...

9.1CVSS7.2AI score0.02071EPSS

CVE•added 2021/01/20 10:15 p.m.•47 views

CVE-2020-26252

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server a...

8.7CVSS7.5AI score0.01707EPSS

CVE•added 2021/01/21 2:15 p.m.•41 views

CVE-2020-26295

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and ...

8.7CVSS7.1AI score0.00751EPSS

CVE•added 2021/01/21 2:15 p.m.•40 views

CVE-2020-26285

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an ex...

8.7CVSS7.5AI score0.01923EPSS