VYPR
High severityNVD Advisory· Published Jan 27, 2023· Updated Mar 10, 2025

OpenMage LTS arbitrary file deletion in customer media allows for remote code execution

CVE-2021-41143

Description

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
openmage/magento-ltsPackagist
< 19.4.2219.4.22
openmage/magento-ltsPackagist
>= 20.0.0, < 20.0.1920.0.19

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.