CVE-2020-15244
Published 2020-10-21
Priority: P3 · 39 · Severity: high · CVSS 3.1 base score: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.25% (65.6th percentile)
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openmage | magento | <= 19.4.8 | — |
| openmage | magento | >= 20.0.0 < 20.0.4 | 20.0.4 |
| openmage | magento-lts | < 19.4.8 | 19.4.8 |
| openmage | magento-lts | — | — |
| openmage | magento-lts | >= 0 < 19.4.8 | 19.4.8 |
| openmage | magento-lts | >= 20.0.0 < 20.0.4 | 20.0.4 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA: RCE via PHP Object injection via SOAP Requests (ghsa · 2020-10-30)
CVE-2020-15244 [HIGH] CWE-502
### Impact
This vulnerability allows an admin user to generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product.
### Patches
The latest OpenMage versions up from 19.4.7 and 20.0.3 have this issue solved.
### Credits
Credit to Luke Rodgers for reporting.
OSV: RCE via PHP Object injection via SOAP Requests (osv · 2020-10-30)
CVE-2020-15244 [HIGH]; the OSV advisory text is identical to the GHSA entry above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/OpenMage/magento-lts/commit/26433d15b57978fcb7701b5f99efe8332ca8630b
- https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jrgf-vfw2-hj26
- https://github.com/OpenMage/magento-lts