CVE-2020-15244 — Injection in Magento-lts

CWE-74 — Injection CWE-502 — Deserialization of Untrusted Data4 documents4 sources

Severity

7.2HIGHNVD

CNA8.0

EPSS

0.9%

top 24.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openmage Magento-lts Openmage Magento

Timeline

PublishedOct 21

Latest updateOct 30

Description

In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶NVDopenmage/magento20.0.0 — 20.0.4+1

▶CVEListV5openmage/magento-lts< 19.4.8+1

▶Packagistopenmage/magento-lts20.0.0 — 20.0.4+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

RCE via PHP Object injection via SOAP Requests↗2020-10-30

▶

OSV

RCE via PHP Object injection via SOAP Requests↗2020-10-30

▶

CVEList

RCE in Magento↗2020-10-21

▶