Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2016-2212
HistoryApr 15, 2016 - 2:00 p.m.

CVE-2016-2212

2016-04-1514:00:00
mitre
www.cve.org

5.1 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status.

Related

openvas 1
prion 1
nvd 1
packetstorm 1
cve 1
openvas
openvas
Magento RSS Feed Information Disclosure Vulnerability
2016-04-06 00:00:00
prion
prion
Design/Logic Flaw
2016-04-15 14:59:00
nvd
nvd
CVE-2016-2212
2016-04-15 14:59:13
packetstorm
packetstorm
Magento 1.9.2.2 RSS Feed Information Disclosure
2016-02-25 00:00:00
cve
cve
CVE-2016-2212
2016-04-15 14:59:13

5.1 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON
Related for CVELIST:CVE-2016-2212
openvas1prion1nvd1packetstorm1cve1