Fabrizio Balliano

6 exploits Active since Jan 2023
CVE-2023-41879 WRITEUP HIGH WRITEUP
OpenMage Magento < 19.5.1 - Unauthenticated Order Access via Weak Protect Code
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.
CVSS 7.5
CVE-2021-39217 WRITEUP HIGH WRITEUP
OpenMage LTS < 19.4.22 - Authenticated Remote Code Execution via Custom Layout Block Methods
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.
CVSS 7.2
CVE-2021-41143 WRITEUP HIGH WRITEUP
OpenMage LTS <19.4.22-20.0.19 - RCE
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
CVSS 7.2
CVE-2023-23617 WRITEUP MEDIUM WRITEUP
OpenMage Magento < 19.4.22 - Denial of Service via Malicious Code Filter Infinite Loop
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.
CVSS 4.9
CVE-2023-41879 WRITEUP HIGH WRITEUP
OpenMage Magento < 19.5.1 - Unauthenticated Order Access via Weak Protect Code
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.
CVSS 7.5
CVE-2025-58449 WRITEUP HIGH WRITEUP
Maho < 25.9.0 - Authenticated Remote Code Execution via Malicious PHP File Upload
Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the `Dashboard` and `Catalog\Manage Products` permissions can create a custom option on a listing with a file input field. By allowing file uploads with a `.php` extension, the user can use the filed to upload malicious PHP files, gaining remote code execution. Version 25.9.0 fixes the issue.