What is CVE-2020-26295?

CVE-2020-26295 is a high-severity vulnerability in Openmage Magento-lts, classified under Path Traversal. CVSS score: 8.7/10. Published 2021-01-21.

How severe is CVE-2020-26295?

High severity. CVSS v3 base score is 8.7 out of 10.

Path Traversal in Openmage Magento-lts

CVE-2020-26295

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.008 (73.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N.

Affected products

Openmage Magento-lts — versions < 19.4.10, >= 20.0.0, < 20.0.6

Weakness classification (CWE)

References

github.com/OpenMage/magento-lts/releases/tag/v19.4.10 (x_refsource_MISC)
github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg (x_refsource_CONFIRM)
github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-26295?: CVE-2020-26295 is a high-severity vulnerability in Openmage Magento-lts, classified under Path Traversal. CVSS score: 8.7/10. Published 2021-01-21.
How severe is CVE-2020-26295?: High severity. CVSS v3 base score is 8.7 out of 10.