Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File
CVE-2016-4010: Magento CE and EE before 2.0.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
Impact: The Magento e-commerce platform is vulnerable to an unauthenticated arbitrary file write. Attackers can exploit this issue to gain administrative access to the application.
Mitigation: The vendor has released a patched version.