CVE-2015-6497 in Magento Community Editioninfo

Summary

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap.

Responsible

MITRE

Reservation

08/17/2015

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
307431Magento Community Edition/Enterprise Edition V2.php create input validation20Proof-of-ConceptOfficial fixCVE-2015-6497

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!