CVE-2020-15244

CVE-2020-15244 is a security vulnerability in all Magento 1.x versions and OpenMage versions prior to v19.4.8. User with access to backend can generate SOAP credentials that can be used to trigger Remote Code Execution via PHP Object Injection through product attributes and a product.

The issue is patched in OpenMage versions 19.4.8 and 20.0.4 and there is a Patch for CVE-2020-15244 available for older versions and Magento 1.x.

Note: Install this and any other missing patches with our Magento patch installation service or upgrade to OpenMage LTS v19.4.15 (released on August 26, 2021).

5.00 / 5 5
1 / 5
2 / 5
3 / 5
4 / 5
5 / 5

2 votes, 5.00 avg. rating (90% score)

Magentary

Magento 1.x Maintenance

Related Posts