CVE-2016-4010

Name of the Vulnerable Software and Affected Versions Magento CE and EE versions prior to 2.0.6

Description The issue allows remote attackers to conduct PHP object injection attacks, enabling them to execute arbitrary PHP code. This is achieved by sending crafted serialized shopping cart data.

Recommendations For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.