pkg:Packagist/openmage/magento-lts

24 CVEs in total: CRITICAL 2, HIGH 9, MEDIUM 7, LOW 1

All known vulnerabilities

  • CRITICAL 9.8, CVE-2021-21426: Fixes a bug in Zend Framework's Stream HTTP Wrapper
    from 0, < 19.4.13
  • CRITICAL 9.1, CVE-2021-21427: Backport for CVE-2021-21024 Blind SQLi from Magento 2
    from 0, < 19.4.13
  • HIGH 8.8, CVE-2026-40488: OpenMage LTS: Customer File Upload Extension Blocklist Bypass → Remote Code Execution
    from 0, < 20.17.0
  • HIGH 8.8, CVE-2021-41144: Fix for authenticated remote code execution through layout update
    from 0, < 19.4.22
  • HIGH 8.1, CVE-2026-25524: OpenMage LTS: Phar Deserialization leads to Remote Code Execution
    from 0, < 20.17.0
  • HIGH 8.0, CVE-2020-15244: RCE via PHP Object injection via SOAP Requests
    from 0, < 19.4.8
  • HIGH 8.0, CVE-2020-15151: Observable Timing Discrepancy in OpenMage LTS
    from 0, < 19.4.6
  • HIGH 7.5, CVE-2023-41879: Magento LTS's guest order "protect code" can be brute-forced too easily
    from 0, < 19.5.1
  • HIGH 7.2, CVE-2021-41231: DataFlow upload remote code execution vulnerability
    from 0, < 19.4.22
  • HIGH 7.2, CVE-2021-41143: Fix for arbitrary file deletion in customer media allows for remote code execution
    from 0, < 19.4.22
  • HIGH 7.2, CVE-2021-39217: Fix for arbitrary command execution in custom layout update through blocks
    from 0, < 19.4.22
  • MEDIUM 6.1, CVE-2026-42207: Magento LTS Vulnerable to Open Redirect via Unvalidated `uenc` Parameter in `stockAction()`
    from 0, < 20.18.0
  • MEDIUM 5.4, CVE-2026-40098: OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure
    from 0, < 20.17.0
  • MEDIUM 5.3, CVE-2026-25523: Magento's X-Original-Url header can expose admin url
    from 0, < 20.16.1
  • MEDIUM 4.9, CVE-2026-25525: OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module
    from 0, < 20.17.0
  • MEDIUM 4.9, CVE-2023-23617: DoS vulnerability in MaliciousCode filter
    from 0, < 19.4.22
  • MEDIUM 4.3, CVE-2021-21395: magento-lts Reset Password not protected against well-timed CSRF
    from 0, < 19.4.22
  • MEDIUM 4.1, CVE-2024-41676: Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
    from 0, < 20.10.1
  • LOW 2.9, CVE-2025-27400: Magento LTS vulnerable to stored XSS in theme config fields
    from 0, < 20.12.3
  • CVE-2026-42458: Magento LTS: Reflected XSS - Import -> Data Flow (profiles)
    from 0, < 20.18.0
  • CVE-2026-42155: Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs
    from 0, < 20.18.0
  • CVE-2025-64174: OpenMage vulnerable to XSS in Admin Notifications
    from 0, < 20.16.0
  • CVE-2021-32758: Layout XML Arbitrary Code Fix
    from 0, < 19.4.15
  • CVE-2021-32759: Data Flow Sanitation Issue Fix
    from 0, < 19.4.15