What is CVE-2020-26285?

CVE-2020-26285 is a high-severity vulnerability in Openmage Magento-lts, classified under Path Traversal. CVSS score: 8.7/10. Published 2021-01-21.

How severe is CVE-2020-26285?

High severity. CVSS v3 base score is 8.7 out of 10.

Path Traversal in Openmage Magento-lts

CVE-2020-26285

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.019 (83.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N.

Affected products

Openmage Magento-lts — versions < 19.4.10, >= 20.0.0, < 20.0.5

Weakness classification (CWE)

References

github.com/OpenMage/magento-lts/security/advisories/GHSA-hj6w-xrv3-wjj9 (x_refsource_CONFIRM)
github.com/OpenMage/magento-lts/commit/4132668f5009f17456fe644742026f56d2297586 (x_refsource_MISC)
github.com/OpenMage/magento-lts/releases/tag/v19.4.10 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-26285?: CVE-2020-26285 is a high-severity vulnerability in Openmage Magento-lts, classified under Path Traversal. CVSS score: 8.7/10. Published 2021-01-21.
How severe is CVE-2020-26285?: High severity. CVSS v3 base score is 8.7 out of 10.