PT-2023-12375 · Unknown · Openmage Lts
Highmark-Netalico
·
Published
2023-01-27
·
Updated
2023-02-06
·
CVE-2021-41144
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenMage LTS versions prior to 19.4.22
OpenMage LTS versions prior to 20.0.19
Description
The issue allows a layout block to bypass the block blacklist, enabling the execution of remote code. This is a significant problem for an e-commerce platform like OpenMage LTS.
Recommendations
For versions prior to 19.4.22, update to version 19.4.22 or later to resolve the issue.
For versions prior to 20.0.19, update to version 20.0.19 or later to resolve the issue.
As a temporary workaround, consider restricting access to layout blocks until a patch is applied.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openmage Lts