CVE-2021-39217
published 2023-01-27

Priority: P344
Severity: high, 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.32% (67.3th percentile)
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openmage | magento | < 19.4.22 | 19.4.22 |
| openmage | magento | >= 20.0.0 < 20.0.19 | 20.0.19 |
| openmage | magento-lts | < 19.4.22 | 19.4.22 |
| openmage | magento-lts | | |
| openmage | magento-lts | >= 0 < 19.4.22 | 19.4.22 |
| openmage | magento-lts | >= 20.0.0 < 20.0.19 | 20.0.19 |