2 matches found
VulnCheck KEV: CVE-2015-1397
SQL injection vulnerability in the getCsvFile function in the MageAdminhtmlBlockWidgetGrid class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularityfieldexpr parameter when the...
Magento Community Edition and Enterprise Edition SQL Injection Vulnerabilities
Magento is a professional open-source PHP e-commerce system from Magento, which provides rights management, search engine and payment gateway, etc. Magento Community Edition CE is a community edition.Magento Enterprise Edition EE is an enterprise edition. A SQL injection vulnerability exists in t...