CVE-2015-1397

MEDIUM severity · CVSS 6.5 · SQL injection

6.5CVSS MEDIUM

Summary

SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impact—

Integrity impact—

Availability impact—

Exploit probability (EPSS)72%

AV:N/AC:L/Au:S/C:P/I:P/A:P

Affected products we track (1)

Magento

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerabilityAdvisory
http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerabilityAdvisory
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
http://www.securitytracker.com/id/1032194
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
http://www.securitytracker.com/id/1032194
https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.htmlExploit
https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.htmlExploit