Lucene search
K

4 matches found

NVD
NVD
added 2015/04/29 10:59 p.m.19 views

CVE-2015-1399

PHP remote file inclusion vulnerability in the fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPa...

6.5CVSS7.5AI score0.10071EPSS
Exploits1References3
CVE
CVE
added 2015/04/29 10:0 p.m.65 views

CVE-2015-1399

Magento CE 1.9.1.0 and EE 1.14.1.0 are affected by a PHP Remote Code Execution via the fetchView() in Mage_Core_Block_Template_Zend, caused by insufficient security checks when including a URL through setScriptPath. An authenticated administrator could execute arbitrary PHP on the server. No expl...

6.5CVSS7.7AI score0.10071EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2015/04/29 10:0 p.m.21 views

CVE-2015-1399

PHP remote file inclusion vulnerability in the fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPa...

7.5AI score0.10071EPSS
Exploits1References3
Check Point Advisories
Check Point Advisories
added 2015/02/01 12:0 a.m.9 views

Magento eCommerce Web Sites Remote File Inclusion (CVE-2015-1399)

A remote file inclusion vulnerability has been reported in Magento component. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.5CVSS7.2AI score0.10071EPSS
Exploits1
Rows per page
Query Builder