CVE-2016-4010

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via…

mitre·CWE-74·Published 2017-01-23

CVSS

—

EPSS

0.93

KEV

Exploits

cve.orgen

171 chars

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.

NVDen

171 chars

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.

NVDes

224 chars

Magento CE y EE en versiones anteriores a 2.0.6 permite a atacantes remotos llevar a cabo ataques de inyección de objeción de PHP y ejecutar código PHP arbitrario a través de la manipulación de los datos del carro de compra.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.0	Primary	NVD	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H