Short Name |
HTTP:CGI:MAGENTO-RCE |
---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Magento Web Application Parameter Remote Code Execution |
Release Date |
2016/01/21 |
Update Number |
2624 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects an attempt to a known vulnerability in Magento Web Application through a crafted parameter. Successful exploitation could allow an attacker to cause remote code execution into the context of running application.
Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.