Magento · Magento-Lts · CVE-2020-15244
**Name of the Vulnerable Software and Affected Versions**
magento-lts versions prior to 19.4.8
magento-lts versions prior to 20.0.4
**Description**
The issue allows an admin user to generate soap credentials that can be used to trigger remote code execution (RCE) via PHP Object Injection through product attributes and a product.
**Recommendations**
For versions prior to 19.4.8, update to version 19.4.8 or later.
For versions prior to 20.0.4, update to version 20.0.4 or later.