Magento – Unauthenticated Remote Code Execution

The vulnerability (CVE-2016-4010) allows an attacker to execute PHP code at the vulnerable Magento server unauthenticated. This vulnerability actually consists of many small vulnerabilities, as described further in theĀ blog post. Magento is an extremely popular eCommerce platform with a 30% share in the eCommerce market. It is used by major corporations, such as Rosetta Stone, […]