Miesiące później Stanisław stał się nieodłączną częścią życia Anny. Razem sadzili kwiaty, gotowali, a Borys co noc zasypiał u ich stóp. Smutek nie zniknął całkowicie, ale sta# CVE-2020-15139
## Metadata
| Published | Last Modified | Assigner | Version | Format |
| ——— | ————- | ——– | ——- | —— |
| 2020-08-13 | 2020-08-21 | [email protected] | 4.0 | MITRE |
## Description
| Language | Description |
| ——– | ———– |
| en | In openmage before 19.4.6 and 20.0.2, an admin user with permission to import/export data could use XML upload to execute arbitrary PHP code. This has been patched in versions 19.4.6 and 20.0.2. |
## Configurations
| Vulnerable | CPE 22 URI | CPE 23 URI | CPE Name | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding | Operator |
| ———- | ———- | ———- | ——– | ———————– | ——————— | ———————– | ——————— | ——– |
| True cpe:2.3:a:openmage:openmage:*:*:*:*:*:*:*:* | [] | 20.0.0 | 20.0.2 | OR |
| True cpe:2.3:a:openmage:openmage:*:*:*:*:*:*:*:* | [] 19.4.6 | OR |
## CVSSv3 Information
| Score | Severity | Impact Score | Exploitability Score | Vector String | Version | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
| —– | ——– | ———— | ——————– | ————- | ——- | ————- | —————– | ——————- | —————- | —– | ———————- | —————- | ——————- |
| 7.2 | HIGH | 5.9 | 1.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 3.1 | NETWORK | LOW | HIGH | NONE | UNCHANGED | HIGH | HIGH | HIGH |
## CVSSv2 Information
| Score | Severity | Impact Score | Exploitability Score | Vector String | Version | Access Vector | Access Complexity | Authentication | User Interaction Required | Obtain All Privilge | Obtain User Privilege | Obtain Other Privilege | Confidentiality Impact | Integrity Impact | Availability Impact |
| —– | ——– | ———— | ——————– | ————- | ——- | ————- | —————– | ————– | ————————- | ——————- | ——————— | ———————- | ———————- | —————- | ——————- |
| 6.5 | MEDIUM | 6.4 | 8.0 | AV:N/AC:L/Au:S/C:P/I:P/A:P | 2.0 | NETWORK | LOW | SINGLE | False | False | False | False | PARTIAL | PARTIAL | PARTIAL |
## Problem Type
CWE-94
## References
| Name | Reference URL | Reference Source | Tags |
| —- | ————- | —————- | —- |
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-46c5-3pfq-4wq7|https://github.com/OpenMage/magento-lts/security/advisories/GHSA-46c5-3pfq-4wq7|CONFIRM|[‘Third Party Advisory’]
https://github.com/OpenMage/magento-lts/commit/1b8b3d60f8e33e112db9b1a5a0e28c5d8b1791eb|https://github.com/OpenMage/magento-lts/commit/1b8b3d60f8e33e112db9b1a5a0e28c5d8b1791eb|MISC|[‘Patch’, ‘Third Party Advisory’]
![Nowe związki partnerskie. To kpina z obywatelek i obywateli [KOMENTARZ]](https://cdn.kobieta.onet.pl/1/yXqk9lBaHR0cHM6Ly9vY2RuLmV1L3B1bHNjbXMvTURBXy9iMTJkMzk3ZDZmMTViY2Y2YTA5Mzc2ZWY1MGEwNjkwNi5qcGeSlQNePs0Hcs0EMJMFzQlgzQZA3gACoTAHoTEE)
