PT-2015-5264 · Magento · Magento Community Edition+1

Daniel Cid

Published

2015-04-29

Updated

2015-05-12

CVE-2015-1397

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Magento Community Edition (CE) version 1.9.1.0 Magento Enterprise Edition (EE) version 1.14.1.0

Description The issue allows remote administrators to execute arbitrary SQL commands. This is achieved via the popularity[field expr] parameter when either the popularity[from] or popularity[to] parameter is set. The getCsvFile function in the Mage Adminhtml Block Widget Grid class is affected.

Recommendations For Magento Community Edition (CE) version 1.9.1.0, avoid using the popularity[field expr] parameter in the affected function until the issue is resolved. For Magento Enterprise Edition (EE) version 1.14.1.0, restrict access to the getCsvFile function in the Mage Adminhtml Block Widget Grid class to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2015-1397

Affected Products

Magento Community Edition

Magento Enterprise Edition

PT-2015-5264 · Magento · Magento Community Edition+1

CVE-2015-1397

Weakness Enumeration

Related Identifiers

Affected Products

References · 7