What is CVE-2020-26252?

CVE-2020-26252 is a high-severity vulnerability in Openmage Magento-lts, classified under Path Traversal. CVSS score: 8.7/10. Published 2021-01-20.

How severe is CVE-2020-26252?

High severity. CVSS v3 base score is 8.7 out of 10.

Path Traversal in Openmage Magento-lts

CVE-2020-26252

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.017 (82.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N.

Affected products

Openmage Magento-lts — versions < 19.4.10, >= 20, < 20.0.6

Weakness classification (CWE)

References

github.com/OpenMage/magento-lts/security/advisories/GHSA-99m6-r53j-4hh2 (x_refsource_CONFIRM)
github.com/OpenMage/magento-lts/commit/0786aa48bc7b618cfe37b59f45e1da3714c533c3 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-26252?: CVE-2020-26252 is a high-severity vulnerability in Openmage Magento-lts, classified under Path Traversal. CVSS score: 8.7/10. Published 2021-01-20.
How severe is CVE-2020-26252?: High severity. CVSS v3 base score is 8.7 out of 10.