Lucene search
K

6 matches found

NVD
NVD
added 2020/01/15 5:15 p.m.18 views

CVE-2015-6497

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition CE before 1.9.2.1 and Enterprise Edition EE before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData...

8.8CVSS8.8AI score0.0737EPSS
Exploits4References5
Cvelist
Cvelist
added 2020/01/15 4:49 p.m.28 views

CVE-2015-6497

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition CE before 1.9.2.1 and Enterprise Edition EE before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData...

8.8AI score0.0737EPSS
Exploits4References5
CVE
CVE
added 2020/01/15 4:49 p.m.80 views

CVE-2015-6497

The CVE-2015-6497 flaw affects Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, where unvalidated data passed in the SOAP API’s productData parameter to index.php/api/v2_soap enables remote authenticated attackers to execute arbitrary PHP code. The root c...

8.8CVSS8.7AI score0.0737EPSS
Exploits4References5Affected Software1
0day.today
0day.today
added 2015/09/16 12:0 a.m.199 views

Magento 1.9.2 File Inclusion Vulnerability

Magento versions 1.9.2 and below suffer from an autoloaded file inclusion vulnerability. ------------------------------------------------------------------------------- Magento fault'datainvalid'; 113. 114. 115. $this-checkProductTypeExists$type; 116. $this-checkProductAttributeSet$set; 117. 118....

8.7AI score0.0737EPSS
Exploits4
seebug.org
seebug.org
added 2015/09/14 12:0 a.m.54 views

Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability

Software Link:http://magento.com/- Affected Versions:Version 1.9.2 and prior versions.- Vulnerability Description:The vulnerability is caused by the "catalogProductCreate" SOAP API implementation,which is defined into the /app/code/core/Mage/Catalog/Model/Product/Api/V2.php script:109. public...

8.9AI score0.0737EPSS
Exploits4
Packet Storm
Packet Storm
added 2015/09/14 12:0 a.m.110 views

Magento 1.9.2 File Inclusion

------------------------------------------------------------------------------- Magento fault'datainvalid'; 113. 114. 115. $this-checkProductTypeExists$type; 116. $this-checkProductAttributeSet$set; 117. 118. / @var $product MageCatalogModelProduct / 119. $product = Mage::getModel'catalog/product...

8.8AI score0.0737EPSS
Exploits4
Rows per page
Query Builder