PT-2023-12374 · Unknown · OpenMage LTS
Highmark-Netalico · Published 2023-01-27 · Updated 2023-07-17 · CVE-2021-41143
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenMage LTS versions prior to 19.4.22
OpenMage LTS versions prior to 20.0.19
Description
The issue affects OpenMage LTS, an e-commerce platform. Magento admin users with access to the customer media could execute code on the server.
Recommendations
For versions prior to 19.4.22, update to version 19.4.22 or later.
For versions prior to 20.0.19, update to version 20.0.19 or later.
Fix
Command Injection
Path traversal
Related Identifiers
Affected Products
OpenMage LTS