
Magento Community Edition 2.x < 2.0.1 Multiple Vulnerabilities

High

Synopsis

The remote web server is running an outdated instance of Magento Community Edition (CE) that is affected by multiple attack vectors.

Description

Versions of Magento CE 2.x prior to 2.0.1 are affected by multiple vulnerabilities:

- A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the program does not validate input to usernames during customer registration before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 133462)
- A flaw exists in any CMS functionalities that may allow an authenticated remote attacker to gain access to information stored in the block cache. This may allow the attacker to read store configuration, encryption keys, and database connection details or to execute arbitrary code. (OSVDB 133463)
- A flaw exists that may allow carrying out a blind SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input via layered navigation. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (OSVDB 133464)
- A flaw exists that allows a reflected XSS attack. This flaw exists because the program does not validate input to the Form Key cookie before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 133465)
- A flaw exists that allows a stored XSS attack. This flaw exists because the program does not validate input to the Pro Payment Module when handling requests before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 133466)
- An unspecified flaw exists in Guest Order View protection that may allow an attacker to conduct a brute-force attack and gain access to order information from the store. (OSVDB 133467)
- A flaw exists that allows a stored XSS attack. This flaw exists because the program does not validate input to the file name of uploaded files before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 133468)
- A flaw exists that is due to the program failing to sufficiently verify request parameters. This may allow an authenticated remote attacker to delete or edit product reviews and send them back to a pending state. (OSVDB 133469)
- A flaw exists in form keys as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF/XSRF) attack causing the victim to delete items from shopping carts. (OSVDB 133470)
- An unspecified flaw exists in the Magento frontend that may allow an attacker to bypass CAPTCHA testing mechanisms. No further details have been provided. (OSVDB 133508)
- A flaw exists that may allow a remote attacker to bypass the 'MaliciousCodeFilter' function when entering HTML code. No further details have been provided. (OSVDB 133510)

Solution

Upgrade to Magento CE version 2.0.1 or later.