Test ID:	1.3.6.1.4.1.25623.1.0.805372
Category:	Web application abuses
Title:	Magento Web E-Commerce Platform Multiple Vulnerabilities
Summary:	Magento Web E-Commerce Platform is prone to multiple vulnerabilities.
Description:	Summary: Magento Web E-Commerce Platform is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The admin session are not properly validated, It fails to detect controller injection technique. - The admin templates filters are not properly validated before being returned to the user. - The 'from' and 'to' keys are not properly validated before being returned to the user. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code on the affected system. Affected Software/OS: Magento version 1.9.1.0 CE. Solution: Apply the patch manually. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1397 http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/ https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.html http://www.securitytracker.com/id/1032194 Common Vulnerability Exposure (CVE) ID: CVE-2015-1398 Common Vulnerability Exposure (CVE) ID: CVE-2015-1399 Common Vulnerability Exposure (CVE) ID: CVE-2015-3457 BugTraq ID: 74420 http://www.securityfocus.com/bid/74420 http://www.securitytracker.com/id/1032230 Common Vulnerability Exposure (CVE) ID: CVE-2015-3458 BugTraq ID: 74412 http://www.securityfocus.com/bid/74412
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.