mark-netalico published GHSA-jrgf-vfw2-hj26 Oct 21, 2020
Package
No package listed
Affected versions
< 19.4.7, 20 < 20.0.3
Patched versions
< 19.4.8, 20 < 20.0.4
Description
Impact
This vulnerability allows an admin user to generate SOAP credentials that can be used to trigger remote code execution (RCE) via PHP Object Injection through product attributes and a product.
Patches
The latest OpenMage versions, from 19.4.7 and 20.0.3 onward, have this issue solved.
Credits
Credit to Luke Rodgers for reporting.