
Magento Community Edition < 1.9.3 Multiple Vulnerabilities

Critical

Synopsis

The remote web server is running an outdated instance of Magento Community Edition (CE) that is affected by multiple attack vectors.

Description

Versions of Magento CE prior to 1.9.3 are affected by multiple vulnerabilities:

- An unspecified flaw exists related to certain payment methods that may allow a remote attacker to potentially execute arbitrary code. No further details have been provided. (OSVDB 145698)
- A flaw exists that may allow carrying out a SQL injection attack. The issue is due to the Admin Panel not properly sanitizing input to the 'ordering' or 'grouping' parameters before using it in SQL queries. This may allow an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 145699)
- A flaw exists that is due to the program failing to terminate sessions after a user has logged out. This may allow a remote attacker to more easily conduct a session hijacking attack, or allow an attacker with access to a user's computer to access the site after they believe they have logged out. (OSVDB 145712)
- A flaw exists as certificates are not properly validated. By spoofing the server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data related to calls to external services. (OSVDB 145713)
- A flaw exists that is triggered when performing hash checks, which may allow a remote attacker to conduct a timing attack against the password checking functionality. No further details have been provided. (OSVDB 145714)
- A flaw exists in the import/export functionality that is due to the program failing to perform checks when unserializing data. This may allow an authenticated remote attacker to potentially execute arbitrary code. (OSVDB 146050)
- A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when handling request headers before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 146051)
- A flaw exists that allows an XSS attack. This flaw exists because the Admin Panel does not validate input when handling categories before returning it to users. This may allow an authenticated remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 146052)
- A flaw exists that is triggered during the handling of a specially crafted GIF image. This may allow an authenticated remote attacker to cause a script timeout. (OSVDB 146053)
- A flaw exists that allows a reflected XSS attack. This flaw exists because the Flash file uploader does not validate input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 146054)
- A flaw exists as HTTP requests to multiple forms do not properly validate form keys, or require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF/XSRF) attack causing the victim to update a cart or log in, or potentially have other unspecified impacts. (OSVDB 146055)
- A flaw exists when operating in certain unspecified configurations that may allow a remote attacker to log in as an existing store customer if they know that user's email address, without requiring that user's password. (OSVDB 146057)
- A flaw exists as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a CSRF/XSRF attack causing the victim to delete addresses or wishlist items. (OSVDB 146073)

Solution

Upgrade to Magento CE version 1.9.3 or later.