CVE-2021-41143
published 2023-01-27

Priority: P3, 40
Severity: high, 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.29% (66.7th percentile)

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
| openmage | magento | < 19.4.22 | 19.4.22 |
| openmage | magento | >= 20.0.0 < 20.0.19 | 20.0.19 |
| openmage | magento-lts | < 19.4.22 | 19.4.22 |
| openmage | magento-lts | | |
| openmage | magento-lts | >= 0 < 19.4.22 | 19.4.22 |
| openmage | magento-lts | >= 20.0.0 < 20.0.19 | 20.0.19 |