Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File | 18 May 201600:00 | – | zdt |
 | CVE-2016-4010 | 18 May 201600:00 | – | circl |
 | Magento Arbitrary File Write Vulnerability | 19 May 201600:00 | – | cnvd |
 | Magento API unserialize Remote Code Execution (CVE-2016-4010) | 29 May 201600:00 | – | checkpoint_advisories |
 | CVE-2016-4010 | 23 Jan 201721:00 | – | cvelist |
 | Magento < 2.0.6 - Arbitrary Unserialize / Arbitrary Write File | 18 May 201600:00 | – | exploitdb |
 | Magento 2.0.6 - Arbitrary Unserialize Arbitrary Write File | 18 May 201600:00 | – | exploitpack |
 | Immunity Canvas: MAGENTO_SET_PAYMENT_INFO | 23 Jan 201721:59 | – | canvas |
| Immunity Canvas: MAGENTO_SET_PAY_INFO | 23 Jan 201721:59 | – | canvas |
 | Magento 2.0.6 Unserialize Remote Code Execution | 2 Jun 201614:24 | – | metasploit |
10
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| paymentMethod | request body | /rest/default/V1/guest-carts/{guestCartId}/shipping-information | Magento REST API shipping-information endpoint accepts crafted payment data that can trigger object injection via unserialize and lead to unauthorized code execution. | CWE-74 |
| additional_data | request body | /rest/default/V1/guest-carts/{guestCartId}/shipping-information | Magento REST API shipping-information endpoint accepts crafted payment data that can trigger object injection via unserialize and lead to unauthorized code execution. | CWE-74 |
| additional_information | request body | /rest/default/V1/guest-carts/{guestCartId}/shipping-information | Magento REST API shipping-information endpoint accepts crafted payment data that can trigger object injection via unserialize and lead to unauthorized code execution. | CWE-74 |
| paymentMethod | request body | /rest/V1/guest-carts/{guestCartId}/set-payment-information | Magento REST API set-payment-information endpoint accepts crafted payment data that can trigger object injection via unserialize and lead to unauthorized code execution. | CWE-74 |
| additional_data | request body | /rest/V1/guest-carts/{guestCartId}/set-payment-information | Magento REST API set-payment-information endpoint accepts crafted payment data that can trigger object injection via unserialize and lead to unauthorized code execution. | CWE-74 |
| additional_information | request body | /rest/V1/guest-carts/{guestCartId}/set-payment-information | Magento REST API set-payment-information endpoint accepts crafted payment data that can trigger object injection via unserialize and lead to unauthorized code execution. | CWE-74 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 May 2026 00:24Current
9.7High risk
Vulners AI Score9.7
CVSS 27.5
CVSS 39.8
EPSS0.86897