PT-2017-8442 · Magento · Magento Ce+1
Agix
+1
·
Published
2017-01-23
·
Updated
2017-09-07
·
CVE-2016-4010
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Magento CE and EE versions prior to 2.0.6
Description
The issue allows remote attackers to conduct PHP object injection attacks, enabling them to execute arbitrary PHP code. This is achieved by sending crafted serialized shopping cart data.
Recommendations
For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.
Exploit
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magento Ce
Magento Ee