VYPR
High severityNVD Advisory· Published Jan 27, 2023· Updated Mar 10, 2025

OpenMage LTS authenticated remote code execution through layout update

CVE-2021-41144

Description

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
openmage/magento-ltsPackagist
< 19.4.2219.4.22
openmage/magento-ltsPackagist
>= 20.0.0, < 20.0.1920.0.19

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.