 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.106792 |
| Category: | Web application abuses |
| Title: | Magento Arbitrary File Upload Vulnerability |
| Summary: | Magento Web E-Commerce Platform is prone to an arbitrary file upload;vulnerability. |
| Description: | Summary: Magento Web E-Commerce Platform is prone to an arbitrary file upload vulnerability. Vulnerability Insight: A high risk vulnerability was discovered in Magento that could lead to remote code execution and thus the complete system compromise including the database containing sensitive customer information such as stored credit card numbers and other payment information. The main attack vector uses an additional Cross Site Request Forgery vulnerability. Affected Software/OS: Magento CE and EE prior to 2.0.14/2.1.7. Solution: Update to version 2.0.14/2.1.7 or later. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |