CVE-2016-4010
CVE-2016-4010
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
Productos afectados
n/a · n/aPoCs públicas encontradas — 6
githubgithub.com/brianwrf/Magento-CVE-2016-4010★ 6githubgithub.com/shadofren/CVE-2016-4010★ 2cve_referencepacketstormsecurity.com/files/137312/Magento-2.0.6-Unserialize-Remote-Code-Execution.htmlno verificadocve_referencewww.exploit-db.com/exploits/39838/no verificadoexploitdbwww.exploit-db.com/exploits/39838no verificadocve_referencepacketstormsecurity.com/files/137121/Magento-Unauthenticated-Arbitrary-File-Write.htmlno verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/https://magento.com/security/patches/magento-206-security-updatehttps://packetstormsecurity.com/files/137121/Magento-Unauthenticated-Arbitrary-File-Write.htmlhttps://packetstormsecurity.com/files/137312/Magento-2.0.6-Unserialize-Remote-Code-Execution.htmlhttps://www.exploit-db.com/exploits/39838/