CVE-2021-41144
published 2023-01-27

Priority: P352
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.17% (63.4th percentile)

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openmage | magento | < 19.4.22 | 19.4.22 |
| openmage | magento | >= 20.0.0 < 20.0.19 | 20.0.19 |
| openmage | magento-lts | < 19.4.22 | 19.4.22 |
| openmage | magento-lts | | |
| openmage | magento-lts | >= 0 < 19.4.22 | 19.4.22 |
| openmage | magento-lts | >= 20.0.0 < 20.0.19 | 20.0.19 |