Magento arbitrary PHP code execution via the productData parameter

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition CE before 1.9.2.1 and Enterprise Edition EE before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData...

GHSA-J4FQ-3FM7-WH5V Magento arbitrary PHP code execution via the productData parameter

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition CE before 1.9.2.1 and Enterprise Edition EE before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData...

CVE-2015-6497

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition CE before 1.9.2.1 and Enterprise Edition EE before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData...

CVE-2015-6497

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition CE before 1.9.2.1 and Enterprise Edition EE before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData...