28 Avr 2015
CVE-2015-1399 Vulnerability
PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files. (CVSS:6.5) (Last Update:2016-04-01)
Vulnerability Details : PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files. Publish Date : 2015-04-29 Last Update Date : 2016-04-01 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2015-1399
- Number Of Affected Versions By Product
- References For CVE-2015-1399 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2015-1399There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |