Filtered by vendor Openmage
Subscriptions
Filtered by product Magento
Subscriptions
Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15244 | 1 Openmage | 1 Magento | 2024-11-21 | 8 High |
| In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4. | ||||