Описание
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Ссылки
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 19.4.22 (исключая)Версия от 20.0.0 (включая) до 20.0.19 (исключая)
Одно из
cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:*
cpe:2.3:a:openmage:magento:*:*:*:*:lts:*:*:*
EPSS
Процентиль: 63%
0.00442
Низкий
7.2 High
CVSS3
Дефекты
CWE-77
CWE-22
Связанные уязвимости
CVSS3: 7.2
github
около 3 лет назад
Fix for arbitrary file deletion in customer media allows for remote code execution
EPSS
Процентиль: 63%
0.00442
Низкий
7.2 High
CVSS3
Дефекты
CWE-77
CWE-22