{"api_version":"1","generated_at":"2026-04-21T15:42:51+00:00","cve":"CVE-2020-26295","urls":{"html":"https://cve.report/CVE-2020-26295","api":"https://cve.report/api/cve/CVE-2020-26295.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-26295","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-26295"},"summary":{"title":"CVE-2020-26295","description":"OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2021-01-21 14:15:00","updated_at":"2021-01-28 16:19:00"},"problem_types":["CWE-22","CWE-434"],"metrics":[],"references":[{"url":"https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35","name":"https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Merge pull request from GHSA-52c6-6v3v-f3fg · OpenMage/magento-lts@9cf8c0a · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg","name":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"CMS Editor code execution · Advisory · OpenMage/magento-lts · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10","name":"https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10","refsource":"MISC","tags":["Third Party Advisory"],"title":"Release v19.4.10 · OpenMage/magento-lts · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-26295","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26295","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"26295","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openmage","cpe5":"openmage","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"26295","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openmage","cpe5":"openmage","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2020-26295","STATE":"PUBLIC","TITLE":"CMS Editor code execution"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"magento-lts","version":{"version_data":[{"version_value":"< 19.4.10"},{"version_value":">= 20.0.0, < 20.0.6"}]}}]},"vendor_name":"OpenMage"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]},{"description":[{"lang":"eng","value":"CWE-434 Unrestricted Upload of File with Dangerous Type"}]}]},"references":{"reference_data":[{"name":"https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10","refsource":"MISC","url":"https://github.com/OpenMage/magento-lts/releases/tag/v19.4.10"},{"name":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg","refsource":"CONFIRM","url":"https://github.com/OpenMage/magento-lts/security/advisories/GHSA-52c6-6v3v-f3fg"},{"name":"https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35","refsource":"MISC","url":"https://github.com/OpenMage/magento-lts/commit/9cf8c0aa1d1306051a18ace08d40279dadc1fb35"}]},"source":{"advisory":"GHSA-52c6-6v3v-f3fg","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2021-01-21 14:15:00","lastModifiedDate":"2021-01-28 16:19:00","problem_types":["CWE-22","CWE-434"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openmage:openmage:*:*:*:*:lts:*:*:*","versionEndExcluding":"19.4.10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openmage:openmage:*:*:*:*:lts:*:*:*","versionStartIncluding":"20.0.0","versionEndExcluding":"20.0.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"26295","Ordinal":"187717","Title":"CVE-2020-26295","CVE":"CVE-2020-26295","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"26295","Ordinal":"1","NoteData":"OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved","Type":"Description","Title":null},{"CveYear":"2020","CveId":"26295","Ordinal":"2","NoteData":"2021-01-21","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"26295","Ordinal":"3","NoteData":"2021-01-21","Type":"Other","Title":"Modified"}]}}}