CVE-2020-26295 — Path Traversal in Magento-lts

CWE-22 — Path Traversal CWE-434 — Unrestricted File Upload2 documents2 sources

Severity

7.2HIGHNVD

CNA8.7

EPSS

0.8%

top 26.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openmage Magento-lts Openmage

Timeline

PublishedJan 21

Description

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5openmage/magento-lts< 19.4.10+1

▶NVDopenmage/openmage20.0.0 — 20.0.5+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

CMS Editor code execution↗2021-01-21

▶