4 matches found
Magento Community Edition and Enterprise Edition PHP Remote File Inclusion Vulnerability
Magento is a professional open source PHP e-commerce system from Magento Inc. in the United States. It provides rights management, a search engine, a payment gateway, etc. Magento Community Edition (CE) is the community edition. Magento Enterprise Edition (EE) is the enterprise edition. A PHP remote fi...
Vulnerabilities in Magento Community Edition and Enterprise Edition
Magento is a professional open-source PHP e-commerce system from Magento. It provides rights management, a search engine, a payment gateway, etc. Magento Community Edition (CE) is the community edition. Magento Enterprise Edition (EE) is the enterprise edition. A security vulnerability exists in the...
CVE-2015-3458
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...
Design/Logic Flaw
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...