Before discovering my latest Magento RCE, I found two different vulnerabilities, both resulting in the complete compromise of customer data and/or the server. As they are far less complicated, I’m presenting both of them in this single blog post for your convenience.
Category: Magento
Magento – Unauthenticated Remote Code Execution
The vulnerability (CVE-2016-4010) allows an attacker to execute PHP code on the vulnerable Magento server without authentication. This vulnerability actually consists of many small vulnerabilities, as described further in the blog post. Magento is an extremely popular eCommerce platform with a 30% share in the eCommerce market. It is used by major corporations, such as Rosetta Stone, […]