CWE
91
Advisory Published
Updated

CVE-2021-32758: Layout XML Arbitrary Code Fix

First published: Fri Aug 27 2021(Updated: )

OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.

Credit: security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
Openmage Openmage<19.4.15
Openmage Openmage>=20.0.00<20.0.11

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2021-32758?

    CVE-2021-32758 is a vulnerability in OpenMage Magento LTS that allows admin users to execute arbitrary commands via block methods.

  • How severe is CVE-2021-32758?

    CVE-2021-32758 has a severity rating of 7.2, which is classified as critical.

  • Is my version of OpenMage affected by CVE-2021-32758?

    If your OpenMage version is prior to 19.4.15 or between 20.0.00 and 20.0.11, then it is affected by CVE-2021-32758.

  • How can I fix CVE-2021-32758?

    To fix CVE-2021-32758, you should update your OpenMage version to the latest release, starting from v19.4.15 or v20.0.11, as they have patched this issue.

  • Where can I find more information about CVE-2021-32758?

    You can find more information about CVE-2021-32758 on the OpenMage GitHub repository, including the patched versions and security advisories.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203