CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41879 – Magento LTS's guest order "protect code" can be brute-forced too easily
https://notcve.org/view.php?id=CVE-2023-41879
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1. • https://github.com/OpenMage/magento-lts/commit/2a2a2fb504247e8966f8ffc2e17d614be5d43128 https://github.com/OpenMage/magento-lts/commit/31e74ac5d670b10001f88f038046b62367f15877 https://github.com/OpenMage/magento-lts/releases/tag/v19.5.1 https://github.com/OpenMage/magento-lts/releases/tag/v20.1.1 https://github.com/OpenMage/magento-lts/security/advisories/GHSA-9358-cpvx-c2qp • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2021-36036 – Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-36036
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution. Las versiones 2.4.2 (y anteriores), 2.4.2-p1 (y anteriores) y 2.3.7 (y anteriores) de Magento están afectadas por una vulnerabilidad de control de acceso incorrecta dentro del flujo de trabajo de Magento's Media Gallery Upload. Al almacenar un archivo especialmente manipulado en la galería del sitio web, un atacante autenticado con privilegios administrativos puede obtener acceso para eliminar el archivo .htaccess. • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2021-36021 – Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-36021
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system. Las versiones 2.4.2 (y anteriores), 2.4.2-p1 (y anteriores) y 2.3.7 (y anteriores) de Magento están afectadas por una vulnerabilidad de validación de entrada Incorrecta dentro de la función de actualización programada de la página CMS. Un atacante autenticado con privilegios administrativos podría aprovechar esta vulnerabilidad para lograr la ejecución remota de código en el sistema. • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2021-36023 – Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-36023
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Las versiones 2.4.2 (y anteriores), 2.4.2-p1 (y anteriores) y 2.3.7 (y anteriores) de Magento Commerce están afectadas por una vulnerabilidad de inyección XML en el diseño de actualización de widgets. Un atacante con privilegios de administrador puede desencadenar un script especialmente manipulado para lograr la ejecución remota de código. • https://helpx.adobe.com/security/products/magento/apsb21-64.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23617 – OpenMage LTS has DoS vulnerability in MaliciousCode filter
https://notcve.org/view.php?id=CVE-2023-23617
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds. OpenMage LTS es una plataforma de comercio electrónico. • https://github.com/OpenMage/magento-lts/commit/494027785bdb7db53e60c11ef03c144b61cd3172 https://github.com/OpenMage/magento-lts/releases/tag/v19.4.22 https://github.com/OpenMage/magento-lts/releases/tag/v20.0.19 https://github.com/OpenMage/magento-lts/security/advisories/GHSA-3p73-mm7v-4f6m • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •