Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2016-4010 - Vulnerability Database
Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2016-4010
Critical
Reference:
CVE-2016-4010
Title:
Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.