Showing 1 - 1 of 1

CVE-2015-6497

Status Candidate

Overview

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap.

Related Files

Magento 1.9.2 File Inclusion: Posted Sep 14, 2015; Authored by EgiX; Magento versions 1.9.2 and below suffer from an autoloaded file inclusion vulnerability.; tags | exploit, file inclusion; advisories | CVE-2015-6497; SHA-256 | fc7990f532774d8eb7b6c58646a4184c066856b3fb99521ec6baa6859a83e854; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 55 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
nu11secur1ty 4 files
Adam Gowdiak 4 files
Ahmet Umit Bayram 3 files
liquidsky 3 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,619)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,770)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,499)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

CVE-2015-6497

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems