4 matches found
CVE-2015-1399
PHP remote file inclusion vulnerability in the fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPa...
CVE-2015-1399
Magento CE 1.9.1.0 and EE 1.14.1.0 are affected by a PHP Remote Code Execution via the fetchView() in Mage_Core_Block_Template_Zend, caused by insufficient security checks when including a URL through setScriptPath. An authenticated administrator could execute arbitrary PHP on the server. No expl...
CVE-2015-1399
PHP remote file inclusion vulnerability in the fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPa...
Magento eCommerce Web Sites Remote File Inclusion (CVE-2015-1399)
A remote file inclusion vulnerability has been reported in Magento component. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...