Vulnerabilities > Openmage > Magento > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2023-41879 Unspecified vulnerability in Openmage Magento
Magento LTS is the official OpenMage LTS codebase.
network
low complexity
openmage
7.5
7.5
2023-01-28 CVE-2023-23617 Unspecified vulnerability in Openmage Magento
OpenMage LTS is an e-commerce platform.
network
low complexity
openmage
7.5
7.5
2023-01-27 CVE-2021-41143 Path Traversal vulnerability in Openmage Magento
OpenMage LTS is an e-commerce platform.
network
low complexity
openmage CWE-22
7.2
7.2
2023-01-27 CVE-2021-41144 Command Injection vulnerability in Openmage Magento
OpenMage LTS is an e-commerce platform.
network
low complexity
openmage CWE-77
8.8
8.8
2023-01-27 CVE-2021-41231 Unrestricted Upload of File with Dangerous Type vulnerability in Openmage Magento
OpenMage LTS is an e-commerce platform.
network
low complexity
openmage CWE-434
7.2
7.2
2023-01-27 CVE-2021-39217 Unspecified vulnerability in Openmage Magento
OpenMage LTS is an e-commerce platform.
network
low complexity
openmage
7.2
7.2
2021-04-21 CVE-2021-21427 Unspecified vulnerability in Openmage Magento
Magento-lts is a long-term support alternative to Magento Community Edition (CE).
network
low complexity
openmage
7.2
7.2
2020-10-21 CVE-2020-15244 Deserialization of Untrusted Data vulnerability in Openmage Magento
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product.
network
low complexity
openmage CWE-502
7.2
7.2