Arbitrary PHP Code Execution via Serialized Shopping Cart Data in Magento CE and EE before 2.0.6

CVE-2016-4010 · HIGH Severity

AV:N/AC:L/Au:N/C:P/I:P/A:P

Magento CE and EE before 2.0.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
