Search criteria
8 vulnerabilities found for openmage by openmage
CVE-2021-32758 (GCVE-0-2021-32758)
Vulnerability from nvd – Published: 2021-08-27 17:30 – Updated: 2024-08-03 23:33
VLAI?
Title
Layout XML Arbitrary Code Fix
Summary
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
Severity ?
7.2 (High)
CWE
- CWE-91 - XML Injection (aka Blind XPath Injection)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenMage | magento-lts |
Affected:
< 19.4.15
Affected: >= 20, < 20.0.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "magento-lts",
"vendor": "OpenMage",
"versions": [
{
"status": "affected",
"version": "\u003c 19.4.15"
},
{
"status": "affected",
"version": "\u003e= 20, \u003c 20.0.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91: XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-27T17:30:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11"
}
],
"source": {
"advisory": "GHSA-26rr-v2j2-25fh",
"discovery": "UNKNOWN"
},
"title": "Layout XML Arbitrary Code Fix ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32758",
"STATE": "PUBLIC",
"TITLE": "Layout XML Arbitrary Code Fix "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "magento-lts",
"version": {
"version_data": [
{
"version_value": "\u003c 19.4.15"
},
{
"version_value": "\u003e= 20, \u003c 20.0.11"
}
]
}
}
]
},
"vendor_name": "OpenMage"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-91: XML Injection (aka Blind XPath Injection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh",
"refsource": "CONFIRM",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh"
},
{
"name": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15"
},
{
"name": "https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11"
}
]
},
"source": {
"advisory": "GHSA-26rr-v2j2-25fh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32758",
"datePublished": "2021-08-27T17:30:10",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26295 (GCVE-0-2020-26295)
Vulnerability from nvd – Published: 2021-01-21 13:40 – Updated: 2024-08-04 15:56
VLAI?
Title
CMS Editor code execution
Summary
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved
Severity ?
8.7 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenMage | magento-lts |
Affected:
< 19.4.10
Affected: >= 20.0.0, < 20.0.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "magento-lts",
"vendor": "OpenMage",
"versions": [
{
"status": "affected",
"version": "\u003c 19.4.10"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T13:40:19",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35"
}
],
"source": {
"advisory": "GHSA-52c6-6v3v-f3fg",
"discovery": "UNKNOWN"
},
"title": "CMS Editor code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26295",
"STATE": "PUBLIC",
"TITLE": "CMS Editor code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "magento-lts",
"version": {
"version_data": [
{
"version_value": "\u003c 19.4.10"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.6"
}
]
}
}
]
},
"vendor_name": "OpenMage"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
},
{
"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg",
"refsource": "CONFIRM",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg"
},
{
"name": "https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35"
}
]
},
"source": {
"advisory": "GHSA-52c6-6v3v-f3fg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26295",
"datePublished": "2021-01-21T13:40:19",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:03.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26285 (GCVE-0-2020-26285)
Vulnerability from nvd – Published: 2021-01-21 13:30 – Updated: 2024-08-04 15:56
VLAI?
Title
Widget instances allows a hacker to inject an executable file on the server on OpenMage
Summary
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved
Severity ?
8.7 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenMage | magento-lts |
Affected:
< 19.4.10
Affected: >= 20.0.0, < 20.0.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-hj6w-xrv3-wjj9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/commit/4132668f5009f17456fe644742026f56d2297586"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "magento-lts",
"vendor": "OpenMage",
"versions": [
{
"status": "affected",
"version": "\u003c 19.4.10"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T13:30:17",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-hj6w-xrv3-wjj9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/commit/4132668f5009f17456fe644742026f56d2297586"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
}
],
"source": {
"advisory": "GHSA-hj6w-xrv3-wjj9",
"discovery": "UNKNOWN"
},
"title": "Widget instances allows a hacker to inject an executable file on the server on OpenMage",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26285",
"STATE": "PUBLIC",
"TITLE": "Widget instances allows a hacker to inject an executable file on the server on OpenMage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "magento-lts",
"version": {
"version_data": [
{
"version_value": "\u003c 19.4.10"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.5"
}
]
}
}
]
},
"vendor_name": "OpenMage"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-hj6w-xrv3-wjj9",
"refsource": "CONFIRM",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-hj6w-xrv3-wjj9"
},
{
"name": "https://github.com/OpenMage/magento-lts/commit/4132668f5009f17456fe644742026f56d2297586",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/commit/4132668f5009f17456fe644742026f56d2297586"
},
{
"name": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
}
]
},
"source": {
"advisory": "GHSA-hj6w-xrv3-wjj9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26285",
"datePublished": "2021-01-21T13:30:17",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26252 (GCVE-0-2020-26252)
Vulnerability from nvd – Published: 2021-01-20 21:55 – Updated: 2024-08-04 15:56
VLAI?
Title
Layout XML RCE Vulnerability in OpenMage
Summary
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved.
Severity ?
8.7 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenMage | magento-lts |
Affected:
< 19.4.10
Affected: >= 20, < 20.0.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "magento-lts",
"vendor": "OpenMage",
"versions": [
{
"status": "affected",
"version": "\u003c 19.4.10"
},
{
"status": "affected",
"version": "\u003e= 20, \u003c 20.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T21:55:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3"
}
],
"source": {
"advisory": "GHSA-99m6-r53j-4hh2",
"discovery": "UNKNOWN"
},
"title": "Layout XML RCE Vulnerability in OpenMage",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26252",
"STATE": "PUBLIC",
"TITLE": "Layout XML RCE Vulnerability in OpenMage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "magento-lts",
"version": {
"version_data": [
{
"version_value": "\u003c 19.4.10"
},
{
"version_value": "\u003e= 20, \u003c 20.0.6"
}
]
}
}
]
},
"vendor_name": "OpenMage"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2",
"refsource": "CONFIRM",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2"
},
{
"name": "https://github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3"
}
]
},
"source": {
"advisory": "GHSA-99m6-r53j-4hh2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26252",
"datePublished": "2021-01-20T21:55:13",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:03.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32758 (GCVE-0-2021-32758)
Vulnerability from cvelistv5 – Published: 2021-08-27 17:30 – Updated: 2024-08-03 23:33
VLAI?
Title
Layout XML Arbitrary Code Fix
Summary
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
Severity ?
7.2 (High)
CWE
- CWE-91 - XML Injection (aka Blind XPath Injection)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenMage | magento-lts |
Affected:
< 19.4.15
Affected: >= 20, < 20.0.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "magento-lts",
"vendor": "OpenMage",
"versions": [
{
"status": "affected",
"version": "\u003c 19.4.15"
},
{
"status": "affected",
"version": "\u003e= 20, \u003c 20.0.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91: XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-27T17:30:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11"
}
],
"source": {
"advisory": "GHSA-26rr-v2j2-25fh",
"discovery": "UNKNOWN"
},
"title": "Layout XML Arbitrary Code Fix ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32758",
"STATE": "PUBLIC",
"TITLE": "Layout XML Arbitrary Code Fix "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "magento-lts",
"version": {
"version_data": [
{
"version_value": "\u003c 19.4.15"
},
{
"version_value": "\u003e= 20, \u003c 20.0.11"
}
]
}
}
]
},
"vendor_name": "OpenMage"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-91: XML Injection (aka Blind XPath Injection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh",
"refsource": "CONFIRM",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh"
},
{
"name": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15"
},
{
"name": "https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11"
}
]
},
"source": {
"advisory": "GHSA-26rr-v2j2-25fh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32758",
"datePublished": "2021-08-27T17:30:10",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26295 (GCVE-0-2020-26295)
Vulnerability from cvelistv5 – Published: 2021-01-21 13:40 – Updated: 2024-08-04 15:56
VLAI?
Title
CMS Editor code execution
Summary
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved
Severity ?
8.7 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenMage | magento-lts |
Affected:
< 19.4.10
Affected: >= 20.0.0, < 20.0.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "magento-lts",
"vendor": "OpenMage",
"versions": [
{
"status": "affected",
"version": "\u003c 19.4.10"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T13:40:19",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35"
}
],
"source": {
"advisory": "GHSA-52c6-6v3v-f3fg",
"discovery": "UNKNOWN"
},
"title": "CMS Editor code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26295",
"STATE": "PUBLIC",
"TITLE": "CMS Editor code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "magento-lts",
"version": {
"version_data": [
{
"version_value": "\u003c 19.4.10"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.6"
}
]
}
}
]
},
"vendor_name": "OpenMage"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
},
{
"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg",
"refsource": "CONFIRM",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg"
},
{
"name": "https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35"
}
]
},
"source": {
"advisory": "GHSA-52c6-6v3v-f3fg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26295",
"datePublished": "2021-01-21T13:40:19",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:03.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26285 (GCVE-0-2020-26285)
Vulnerability from cvelistv5 – Published: 2021-01-21 13:30 – Updated: 2024-08-04 15:56
VLAI?
Title
Widget instances allows a hacker to inject an executable file on the server on OpenMage
Summary
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved
Severity ?
8.7 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenMage | magento-lts |
Affected:
< 19.4.10
Affected: >= 20.0.0, < 20.0.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-hj6w-xrv3-wjj9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/commit/4132668f5009f17456fe644742026f56d2297586"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "magento-lts",
"vendor": "OpenMage",
"versions": [
{
"status": "affected",
"version": "\u003c 19.4.10"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T13:30:17",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-hj6w-xrv3-wjj9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/commit/4132668f5009f17456fe644742026f56d2297586"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
}
],
"source": {
"advisory": "GHSA-hj6w-xrv3-wjj9",
"discovery": "UNKNOWN"
},
"title": "Widget instances allows a hacker to inject an executable file on the server on OpenMage",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26285",
"STATE": "PUBLIC",
"TITLE": "Widget instances allows a hacker to inject an executable file on the server on OpenMage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "magento-lts",
"version": {
"version_data": [
{
"version_value": "\u003c 19.4.10"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.5"
}
]
}
}
]
},
"vendor_name": "OpenMage"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-hj6w-xrv3-wjj9",
"refsource": "CONFIRM",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-hj6w-xrv3-wjj9"
},
{
"name": "https://github.com/OpenMage/magento-lts/commit/4132668f5009f17456fe644742026f56d2297586",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/commit/4132668f5009f17456fe644742026f56d2297586"
},
{
"name": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"
}
]
},
"source": {
"advisory": "GHSA-hj6w-xrv3-wjj9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26285",
"datePublished": "2021-01-21T13:30:17",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26252 (GCVE-0-2020-26252)
Vulnerability from cvelistv5 – Published: 2021-01-20 21:55 – Updated: 2024-08-04 15:56
VLAI?
Title
Layout XML RCE Vulnerability in OpenMage
Summary
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved.
Severity ?
8.7 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenMage | magento-lts |
Affected:
< 19.4.10
Affected: >= 20, < 20.0.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "magento-lts",
"vendor": "OpenMage",
"versions": [
{
"status": "affected",
"version": "\u003c 19.4.10"
},
{
"status": "affected",
"version": "\u003e= 20, \u003c 20.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T21:55:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3"
}
],
"source": {
"advisory": "GHSA-99m6-r53j-4hh2",
"discovery": "UNKNOWN"
},
"title": "Layout XML RCE Vulnerability in OpenMage",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26252",
"STATE": "PUBLIC",
"TITLE": "Layout XML RCE Vulnerability in OpenMage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "magento-lts",
"version": {
"version_data": [
{
"version_value": "\u003c 19.4.10"
},
{
"version_value": "\u003e= 20, \u003c 20.0.6"
}
]
}
}
]
},
"vendor_name": "OpenMage"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2",
"refsource": "CONFIRM",
"url": "https://github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2"
},
{
"name": "https://github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3",
"refsource": "MISC",
"url": "https://github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3"
}
]
},
"source": {
"advisory": "GHSA-99m6-r53j-4hh2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26252",
"datePublished": "2021-01-20T21:55:13",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:03.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}