Mark Lewis

3 exploits | Active since Jan 2023
CVE-2021-39217 WRITEUP HIGH
OpenMage Magento < 19.4.22 - Command Injection
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.
CVSS 7.2
CVE-2021-41144 WRITEUP HIGH
OpenMage LTS <20.0.19 - RCE
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
CVSS 8.8
CVE-2021-41231 WRITEUP HIGH
OpenMage LTS <20.0.19 - RCE
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
CVSS 7.2