VYPR
High severityNVD Advisory· Published Oct 21, 2020· Updated Aug 4, 2024

RCE in Magento

CVE-2020-15244

Description

In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
openmage/magento-ltsPackagist
< 19.4.819.4.8
openmage/magento-ltsPackagist
>= 20.0.0, < 20.0.420.0.4

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.