magento-lts — Vulnerabilities & Security Advisories 24

All 24 CVE vulnerabilities found in magento-lts, with AI-generated Chinese analysis, references, and POCs.

Vendor: OpenMage

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40488 | OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution | CWE-434 | 9.8 AI | Critical AI | 2026-04-20 |
| CVE-2026-40098 | OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant | CWE-862 | 8.1 AI | High AI | 2026-04-20 |
| CVE-2026-25525 | OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module | CWE-22 | 4.9 | Medium | 2026-04-20 |
| CVE-2026-25524 | OpenMage LTS's Phar Deserialization leads to Remote Code Execution | CWE-502 | 8.1 | High | 2026-04-20 |
| CVE-2026-25523 | Magento's X-Original-Url header can expose admin url | CWE-200 | 5.3 | Medium | 2026-02-04 |
| CVE-2025-64174 | OpenMage is vulnerable to XSS in Admin Notifications | CWE-79 | 4.8 | - | 2025-11-06 |
| CVE-2025-27400 | Magento vulnerable to stored XSS in theme config fields | CWE-79 | 2.9 | Low | 2025-02-28 |
| CVE-2024-41676 | Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs | CWE-79 | 4.1 | Medium | 2024-07-29 |
| CVE-2023-41879 | Magento LTS's guest order "protect code" can be brute-forced too easily | CWE-330 | 7.5 | High | 2023-09-11 |
| CVE-2023-23617 | OpenMage LTS has DoS vulnerability in MaliciousCode filter | CWE-835 | 4.9 | Medium | 2023-01-27 |
| CVE-2021-41231 | OpenMage LTS DataFlow upload remote code execution vulnerability | CWE-77 | 7.2 | High | 2023-01-27 |
| CVE-2021-41144 | OpenMage LTS authenticated remote code execution through layout update | CWE-77 | 8.8 | High | 2023-01-27 |
| CVE-2021-41143 | OpenMage LTS arbitrary file deletion in customer media allows for remote code execution | CWE-77 | 7.2 | High | 2023-01-27 |
| CVE-2021-39217 | OpenMage LTS arbitrary command execution in custom layout update through blocks | CWE-77 | 7.2 | High | 2023-01-27 |
| CVE-2021-21395 | Magneto-lts vulnerable to Cross-Site Request Forgery | CWE-352 | 4.2 | Medium | 2023-01-27 |
| CVE-2021-32759 | Data Flow Sanitation Issue Fix | CWE-20 | 7.2 | High | 2021-08-27 |
| CVE-2021-32758 | Layout XML Arbitrary Code Fix | CWE-91 | 7.2 | High | 2021-08-27 |
| CVE-2021-21427 | Backport for CVE-2021-21024 Blind SQLi from Magento 2 | CWE-89 | 9.1 | Critical | 2021-04-21 |
| CVE-2021-21426 | Fixes a bug in Zend Framework's Stream HTTP Wrapper | CWE-502 | 9.8 | Critical | 2021-04-21 |
| CVE-2020-26295 | CMS Editor code execution | CWE-22 | 8.7 | High | 2021-01-21 |
| CVE-2020-26285 | Widget instances allows a hacker to inject an executable file on the server on OpenMage | CWE-22 | 8.7 | High | 2021-01-21 |
| CVE-2020-26252 | Layout XML RCE Vulnerability in OpenMage | CWE-22 | 8.7 | High | 2021-01-20 |
| CVE-2020-15244 | RCE in Magento | CWE-502 | 8.0 | High | 2020-10-21 |
| CVE-2020-15151 | Observable Timing Discrepancy in OpenMage LTS | CWE-203 | 8.0 | High | 2020-08-19 |
