CVE-2016-4010

CRITICAL

Magento <2.0.6 - Code Injection

Title source: llm

Description

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.

Exploits (4)

nomisec WRITEUP 6 stars

by brianwrf · poc

https://github.com/brianwrf/Magento-CVE-2016-4010

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by shadofren · poc

https://github.com/shadofren/CVE-2016-4010

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Netanel Rubin, agix · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/magento_unserialize.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by agix · phpwebappsphp

https://www.exploit-db.com/exploits/39838

View Code ZIP pw:eip

References (5)

[Technical Description, Third Party Advisory] http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/

[Patch, Vendor Advisory] https://magento.com/security/patches/magento-206-security-update

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/137121/Magento-Unauthenticated-Arbitrary-File-Write.html

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/137312/Magento-2.0.6-Unserialize-Remote-Code-Execution.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39838/

Scores

CVSS v3 9.8

EPSS 0.8706

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-74

Status draft

Affected Products (2)

magento/magento < 2.0.5

Timeline

Published Jan 23, 2017

Tracked Since Feb 18, 2026