Magento CMS is prone to an arbitrary-file-upload vulnerability.
An attacker can exploit this issue to upload arbitrary code and execute it in the context of the web server process or perform unauthorized actions.
Magento Community Edition 2.1.6 and prior are affected.
Affected versions:
Magento Community Edition 2.0.5
Magento Community Edition 2.0.4
Magento Community Edition 2.0.3
Magento Community Edition 2.0.2
Magento Community Edition 2.1.6
Magento Community Edition 2.0.1
Magento Community Edition 1.9.3.2
Magento Community Edition 1.9.3
Magento Community Edition 1.9.2.3
Magento Community Edition 1.9.2.2
Magento Community Edition 1.9.2.1
Magento Community Edition 1.9.2.0
Magento Community Edition 1.9.1.0
Magento Community Edition 1.8.1
Magento Community Edition 1.7.0.2
Magento Community Edition 1.7.0.1
References:
- Magento Homepage (Magento)
- Magento Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) (defensecode)