Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:CGI:MAGENTO-API-RCE
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Magento API unserialize Remote Code Execution
Release Date	2016/06/09
Update Number	2738
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Magento API unserialize Remote Code Execution

A remote code execution vulnerability exists in the eCommerce platform Magento. Successful exploitation allows the attacker to write to arbitrary files.

Extended Description

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.

Affected Products

Magento magento 2.0.5

References

CVE: CVE-2016-4010

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Magento API unserialize Remote Code Execution

Extended Description

Affected Products

References