A vulnerability, which was classified as problematic, has been found in Magento up to 1.14.2.2/1.9.2.2. Affected by this issue is the function getOrderByStatusUrlKey of the file app/code/core/Mage/Rss/Helper/Order.php. The manipulation of the argument data with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. CVE summarizes:

The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status.

The weakness was published 04/15/2016 (Website). The advisory is shared for download at securityfocus.com. This vulnerability is handled as CVE-2016-2212 since 02/01/2016. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1592.

By approaching the search of inurl:app/code/core/Mage/Rss/Helper/Order.php it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 1.14.2.3 or 1.9.2.3 eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• E-Commerce Management Software

Name

• Magento

Version

• 1.9.2.0
• 1.9.2.1
• 1.9.2.2
• 1.14.2.0
• 1.14.2.1
• 1.14.2.2

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion