Lucene search
K

4 matches found

CNVD
CNVD
added 2015/04/30 12:0 a.m.4 views

Magento Community Edition and Enterprise Edition PHP Remote File Inclusion Vulnerability

Magento is a professional open source PHP e-commerce system from Magento Inc. in the United States, which provides rights management, search engine and payment gateway, etc. Magento Community Edition CE is a community edition.Magento Enterprise Edition EE is an enterprise edition. A PHP remote fi...

6.5CVSS7.8AI score0.10071EPSS
Exploits1References1
CNVD
CNVD
added 2015/04/30 12:0 a.m.2 views

Vulnerabilities in Magento Community Edition and Enterprise Edition

Magento is a professional open-source PHP e-commerce system from Magento, which provides rights management, search engine and payment gateway, etc. Magento Community Edition CE is a community edition.Magento Enterprise Edition EE is an enterprise edition. A security vulnerability exists in the...

6.5CVSS7.5AI score0.06053EPSS
Exploits1References1
NVD
NVD
added 2015/04/29 10:59 p.m.15 views

CVE-2015-3458

The fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...

6.5CVSS7.4AI score0.06053EPSS
Exploits1References4
Prion
Prion
added 2015/04/29 10:59 p.m.11 views

Design/Logic Flaw

The fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...

6.5CVSS7.9AI score0.06053EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder