CVE-2020-26252 - OpenMage is a community-driven alternative to Magento CE. In OpenMage bef - CVEs Blog

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26252

Reference (s):

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2
URL: https://github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2
https://github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3
URL: https://github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3

CVE-2020-26252 – OpenMage is a community-driven alternative to Magento CE. In OpenMage bef

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2015-0353 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-26296 - Vega is a visualization grammar, a declarative format for creating, savin

CVE-2020-25837 - Sensitive information disclosure vulnerability in Micro Focus Self Servic

Categories

Partners

Just add here your partners image or promo text