Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2016-4010 - Vulnerability Database
Magento

Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2016-4010

Critical
Reference: CVE-2016-4010
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-4010
Title: Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.