Magento CE and EE prior to 2.0.6 allow remote malicious users to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
Vulnerable Product: magento magento
Flaw was rated 9.8/10 as it allowed complete re-write of online stores
Independent security researcher Nethanel Rubin has reported a since-patched vulnerability in eBay's Magento e-commerce platform that could have allowed hackers to compromise retailers. The vulnerability (CVE-2016-4010) is fixed in version 2.0.6 issued overnight. Magento handed the flaw a 9.8 out of 10 severity score, explaining that the platform installation code is no longer accessible once the installation process is complete. "Previously, an unauthenticated user or user with minimal permission...