PT-2020-7874 · Magento · Magento Community Edition+1
Egidio Romano
·
Published
2020-01-15
·
Updated
2022-05-24
·
CVE-2015-6497
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Magento Community Edition versions prior to 1.9.2.1
Magento Enterprise Edition versions prior to 1.14.2.1
PHP versions prior to 5.4.24 or 5.5.8
Description:
The issue allows remote authenticated users to execute arbitrary PHP code via the
productData parameter to the index.php/api/v2 soap endpoint. This is due to a problem in the create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php.Recommendations:
For Magento Community Edition versions prior to 1.9.2.1, update to version 1.9.2.1 or later.
For Magento Enterprise Edition versions prior to 1.14.2.1, update to version 1.14.2.1 or later.
For PHP versions prior to 5.4.24 or 5.5.8, update to version 5.4.24, 5.5.8, or later.
As a temporary workaround, consider restricting access to the
index.php/api/v2 soap endpoint until a patch is available.Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magento Community Edition
Magento Enterprise Edition