Lucene search
Veracode Vulnerability DatabaseVERACODE:4745HistoryJul 27, 2017 - 5:41 a.m.
Remote File Inclusion
2017-07-2705:41:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.615 Medium
EPSS
Percentile
97.8%
Magento is vulnerable to remote file inclusion. The vulnerability is possible because the fetchView() function in the Mage_Core_Block_Template_Zend class does not enforce security mechanisms, allowing an authenticated administrator to execute arbitrary PHP code on the web server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| magento/core | le | 1.9.1.0 | |
| firegento/magento | le | 1.9.1.0 |
References
blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability
www.securitytracker.com/id/1032194
blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability
magento.com/security-patch
Related
cve
cve
CVE-2015-1399
2015-04-29 22:59:02
prion
prion
Remote file inclusion
2015-04-29 22:59:00
cvelist
cvelist
CVE-2015-1399
2015-04-29 22:00:00
nvd
nvd
CVE-2015-1399
2015-04-29 22:59:02
checkpoint_advisories
checkpoint_advisories
Magento eCommerce Web Sites Remote File Inclusion (CVE-2015-1399)
2015-02-01 00:00:00
openvas
openvas
Magento Web E-Commerce Platform Multiple Vulnerabilities
2015-04-29 00:00:00