Magento Multiple Security Vulnerabilities

Magento is prone to the following security vulnerabilities.

1. An HTML-injection vulnerability
2. Multiple remote-code execution vulnerabilities
3. A local file-include vulnerability
4. An arbitrary-file Delete vulnerability
Attackers can exploit these issues to steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser, to execute arbitrary code, delete arbitrary files and perform unauthorized actions.

Information

Bugtraq ID: 101912
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Nov 07 2017 12:00AM
Updated: Nov 07 2017 12:00AM
Credit: pocallaghan, jazzy2fives, fabian, mortis, convenient, magecraze.
Vulnerable: Magento Magento 2.1.9
Magento Magento 2.0.16
Magento Magento 2.2
Magento Magento 1.9.3.6
Magento Magento 1.9.2.4
Magento Magento 1.9.2.3
Magento Magento 1.9.2.2
Magento Magento 1.9.2.1
Magento Magento 1.9.2.0
Magento Magento 1.9.0.1
Magento Magento 1.14.3.6
Magento Magento 1.14.3.4
Magento Magento 1.14.2.3
Magento Magento 1.14.2.0

Not Vulnerable: Magento Magento 2.2.1
Magento Magento 2.1.10
Magento Magento 2.0.17
Magento Magento 1.9.3.7

Exploit

The researcher has created a proof-of-concept to demonstrate these issues. Please see the references for more information.

References:

Magento Homepage (Magento)
MAGENTO 2.2.1, 2.1.10 AND 2.0.17 SECURITY UPDATE (magento)

Source: www.securityfocus.com

Exploit Collector

Search Exploit