CVE-2020-15244

Posted on 2020년 10월 22일2020년 10월 22일 by admin

CVE-2020-15244

In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.

Source: CVE-2020-15244

답글 남기기 응답 취소