Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2016-4010 - Vulnerability Database

Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2016-4010

Critical
Reference: CVE-2016-4010
Title: Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.