CVE-2015-6497
The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData...
CVE-2015-6497
The CVE-2015-6497 flaw affects Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, where unvalidated data passed in the SOAP API’s productData parameter to index.php/api/v2_soap enables remote authenticated attackers to execute arbitrary PHP code. The root c...
Magento 1.9.2 File Inclusion Vulnerability
Magento versions 1.9.2 and below suffer from an autoloaded file inclusion vulnerability. Magento _fault('data_invalid'); $this->_checkProductTypeExists($type); $this->_checkProductAttributeSet($set); /** @var $product Mage_Catalog_Model_Product */...
Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability
Software Link: http://magento.com/ - Affected Versions: Version 1.9.2 and prior versions. - Vulnerability Description: The vulnerability is caused by the "catalogProductCreate" SOAP API implementation, which is defined in the /app/code/core/Mage/Catalog/Model/Product/Api/V2.php script: 109. public...
Magento 1.9.2 File Inclusion
Magento _fault('data_invalid'); $this->_checkProductTypeExists($type); $this->_checkProductAttributeSet($set); /** @var $product Mage_Catalog_Model_Product */ $product = Mage::getModel('catalog/product...