CVE-2016-4010 – Watch out, a critical bug can fully compromise your Magento shop

  • 18 May 2016

May 18, 2016  By Pierluigi Paganini
 
 

The vulnerability CVE-2016-4010 allows an unauthenticated attacker to execute PHP code on the vulnerable Magento server and fully compromise the shop.

 
The Israeli security expert Nethanel Rubin (@na7irub) has reported a critical flaw (CVE-2016-4010) in the eBay Magento e-commerce platform that could be exploited by hackers to completely compromise online shops.
 
The vulnerability, rated 9.8/10, has been fixed in Magento version 2.0.6, published yesterday. The fix prevents unauthenticated users or users with minimal permissions from accessing the platform installation code and executing arbitrary PHP code on the server.
 
Full Article
