CVE-2016-4010
🔴 Patch now
A vulnerability in Magento allows remote execution of PHP code via malicious shopping cart data.
| Field | Value |
|---|---|
| CVSS | 9.8 |
| EPSS | 86.9% |
| Exploit | poc |
| Vendor | magento |
Source description (NVD)
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 86.9% |
| Published (NVD) | 2017-01-23 21:59:01 UTC |
| Last modified (NVD) | 2026-05-13 00:24:29 UTC |
References
- http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/ (cve@mitre.org) [Technical Description, Third Party Advisory]
- https://magento.com/security/patches/magento-206-security-update (cve@mitre.org) [Patch, Vendor Advisory]
- https://packetstormsecurity.com/files/137121/Magento-Unauthenticated-Arbitrary-File-Write.html (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- https://packetstormsecurity.com/files/137312/Magento-2.0.6-Unserialize-Remote-Code-Execution.html (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/39838/ (cve@mitre.org)