28 Avr 2015
CVE-2015-1397
Vulnerability Details : CVE-2015-1397 SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set. Publish Date : 2015-04-29 Last Update Date : 2015-04-29 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2015-1397
- References For CVE-2015-1397 | |||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2015-1397There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information) |