Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-15244

In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.4%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 6.5
Products affected by CVE-2020-15244


Contact Us

Shodan ® - All rights reserved