Test ID: | 1.3.6.1.4.1.25623.1.0.142212 |
Category: | Web application abuses |
Title: | Magento 1.x Multiple Vulnerabilities - March19 |
Summary: | Magento 1.x is prone to multiple vulnerabilities. |
Description: |
Summary: Magento 1.x is prone to multiple vulnerabilities.

Vulnerability Insight: Magento 1.x is prone to multiple vulnerabilities:
- SQL Injection vulnerability through an unauthenticated user
- Remote code execution via server side request forgery issued to Redis
- Arbitrary code execution due to unsafe handling of a malicious product attribute configuration
- Arbitrary code execution due to unsafe deserialization of a PHP archive
- Arbitrary code execution due to unsafe handling of a malicious layout update
- Remote code execution through PHP code that can be uploaded to the nginx server due to crafted customer store attributes
- Remote code execution through arbitrary XML data sent through a layout table
- Arbitrary code execution through bypass of PHP file upload restriction
- Arbitrary code execution due to bypass of layout validator
- Stored cross-site scripting in the escaper framework
- Reflected cross-site scripting in the product widget chooser section of the Admin
- Deletion of Catalog rules through cross-site request forgery
- Deletion of Catalog products through cross-site request forgery
- Stored cross-site scripting in the admin panel via the Admin Shopping Cart Rules page
- Deletion of SOAP/XML-RPC-User and SOAP/XML-RPC-Role through cross-site request forgery
- Deletion of user roles through cross-site request forgery
- Deletion of store design schedule through cross-site request forgery
- Deletion of shopping cart price rules through cross-site request forgery
- Deletion of REST-Role and REST-OAuth Consumer, and change of REST-Attribute via cross-site request forgery
- Deletion of a product attribute through cross-site request forgery
- Deletion of an Admin user through cross-site request forgery
- Stored cross-site scripting in the Admin through the Email Template Preview section
- Data manipulation due to improper validation
- Admin credentials are logged in exception reports
- Unauthorized access to the order list through an insecure direct object reference in the application

Solution: Update to version 1.9.4.1, 1.14.4.1 or later.

CVSS Score: 9.0
CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Copyright | This script is Copyright (C) 2019 Greenbone Networks GmbH |