Short Name | HTTP:CGI:MAGENTO-API-RCE |
---|---|
Severity | Major |
Recommended | Yes |
Recommended Action | Drop |
Category | HTTP |
Keywords | Magento API unserialize Remote Code Execution |
Release Date | 2016/06/09 |
Update Number | 2738 |
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

A remote code execution vulnerability exists in the eCommerce platform Magento. Successful exploitation allows the attacker to write to arbitrary files.
Magento CE and EE before 2.0.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.