Colin Mollenhour

5 exploits Active since Jan 2023
CVE-2023-41879 WRITEUP HIGH WRITEUP
OpenMage Magento < 19.5.1 - Unauthenticated Order Access via Weak Protect Code
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.
CVSS 7.5
CVE-2021-41143 WRITEUP HIGH WRITEUP
OpenMage LTS <19.4.22-20.0.19 - RCE
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
CVSS 7.2
CVE-2021-41231 WRITEUP HIGH WRITEUP
OpenMage Magento < 19.4.22 - Authenticated Arbitrary Code Execution via DataFlow Convert Profile
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
CVSS 7.2
CVE-2023-41879 WRITEUP HIGH WRITEUP
OpenMage Magento < 19.5.1 - Unauthenticated Order Access via Weak Protect Code
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.
CVSS 7.5
CVE-2025-27400 WRITEUP LOW WRITEUP
Magento LTS <20.12.3-20.13.0 - Authenticated XSS
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admin panel which could lead to cross-site scripting against authenticated admin users. The attack requires an admin user with configuration access, so in practicality it is not very likely to be useful given that a user with this level of access is probably already a full admin. Versions 20.12.3 and 20.13.0 contain a patch for the issue.
CVSS 2.9