CNNVD-202602-550 Information
Feb 04, 2026
cve
CNNVD ID
CNNVD-202602-550
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
magento-lts是OpenMage开源的一个用于Magento CE官方版本的可靠替代品。 Magento-lts 20.16.1之前版本存在信息泄露漏洞,该漏洞源于在某些配置下可利用X-Original-Url标头发现管理员URL。
Description (English)
Magento-lts is a reliable alternative for the official version of Magento CE from OpenMage Open Source. There was a leak in the previous version of Magento-lts 20.16.1, which resulted from the use of the X-Organ-Url tab to find the administrator URL under certain configurations.
Hazard Level
High
Vulnerability Type
信息泄露
Affected Vendor
OpenMage
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jg68-vhv3-9r8f https://hackerone.com/bugs?subject=openmage&report_id=3416312
Patch
https://github.com/OpenMage/magento-lts/releases
Share on: