CVE-2020-9582
Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Magento versions 2.3.4 and earlier, 2.2.11 and earlier, and older have a command injection vulnerability leading to arbitrary code execution.
Vulnerability Overview
CVE-2020-9582 is a command injection vulnerability in Magento versions 2.3.4 and earlier, 2.2.11 and earlier, 1.14.4.4 and earlier, and 1.9.4.4 and earlier [1]. This flaw allows an attacker to execute arbitrary system commands via malicious input.
Exploitation
The exact attack vector is not specified, but command injection vulnerabilities typically arise when user-controlled data is used in system calls without proper sanitization. The vulnerability may be exploitable through HTTP requests to vulnerable endpoints.
Impact
Successful exploitation can lead to arbitrary code execution, enabling an attacker to compromise the Magento installation and potentially access sensitive information or further pivot within the network.
Mitigation
No patch is mentioned in the CVE description. Users should check for updates from Adobe and apply any available security fixes. Affected versions are end-of-life for some branches, and upgrading to a supported version is recommended. [1]
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| magento/community-edition (Packagist) | >= 2.3.0, < 2.3.4-p2 | 2.3.4-p2 |
| magento/community-edition (Packagist) | < 2.2.12 | 2.2.12 |
| magento/core (Packagist) | < 1.9.4.5 | 1.9.4.5 |
| magento/project-community-edition (Packagist) | <= 2.0.2 | — |
Affected products
- osv-coords (4 versions): pkg:bitnami/magento, pkg:composer/magento/community-edition, pkg:composer/magento/core, pkg:composer/magento/project-community-edition
- (no CPE) range: >= 2.2.0, < 2.2.12
- (no CPE) range: >= 2.3.0, < 2.3.4-p2
- (no CPE) range: < 1.9.4.5
- (no CPE) range: <= 2.0.2
- Range: 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-c3m4-hxv9-4mxj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-9582 (ghsa, ADVISORY)
- helpx.adobe.com/security/products/magento/apsb20-22.html (ghsa, x_refsource_CONFIRM, WEB)