Magento

by OpenMage

CVEs (25)

  • CVE-2020-26295 | Jan 21, 2021
    risk 0.00 | cvss | epss 0.02

    OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions…

  • CVE-2020-26285 | Jan 21, 2021
    risk 0.00 | cvss | epss 0.03

    OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was…

  • CVE-2020-26252 | Jan 20, 2021
    risk 0.00 | cvss | epss 0.02

    OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable…

  • CVE-2020-15244 | Oct 21, 2020
    risk 0.00 | cvss | epss 0.01

    In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.

  • CVE-2020-15151 | Aug 19, 2020
    risk 0.00 | cvss | epss 0.01

    OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6…