CVE-2015-1397

Published: 29/04/2015 Updated: 12/05/2015
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set.

Vulnerable Product

magento magento 1.9.1.0

magento magento 1.14.1.0

Exploits

#Exploit Title : Magento Shoplift exploit (SUPEE-5344)
#Author : Manish Kishan Tanwar AKA error1046
#Date : 25/08/2015
#Love to : zero cool, Team indishell, Mannu, Viki, Hardeep Singh, Jagriti, Kishan Singh and ritu rathi
#Debugged At ...

Github Repositories

Magento Shoplift Vulnerability Exploit. Disclaimer: This repository contains a demonstration of the Magento Shoplift vulnerability exploit, also known as Magento Remote Code Execution (RCE) vulnerability. This exploit is provided solely for educational purposes as part of an academic assignment. It is not intended to be used for any malicious activities or to compromise any syste