Description
Several vulnerabilities have been identified in Magento:

- information disclosure and privilege escalation. A remote attacker could exploit it in order to get customer information (order information, order IDs, customer name) and possibly to elevate their privileges. The vulnerability is due to an improper check for authorized URLs in the RSS component.
- cross-site request forgery. A remote attacker could perform certain operations, such as the installation of a remote module that leads to the execution of remote code, by enticing a Magento store administrator into opening a malicious link. The vulnerability is located in Magento Connect Manager.
- cross-site scripting. A remote attacker could exploit it in order to use the store to send spoofing or phishing emails by manipulating the customer name in a wishlist.
- cross-site scripting. A remote attacker could exploit it in order to execute arbitrary JavaScript or HTML code by enticing their victim into following a specially formed link. The vulnerability is due to missing validation of user input in the redirection link on an empty cart page.
- path disclosure. A remote attacker could exploit it by directly accessing the URL of files related to Magento Connect in order to cause an exception that shows the server path.
- information disclosure. A remote attacker, who is another user on the server, could exploit it in order to read or alter log files. The vulnerability is due to permissions on log files that are too broad.
- cross-site scripting. A remote attacker with admin privileges could exploit it in order to execute arbitrary JavaScript or HTML code by manipulating the title of a Widget in the Magento Admin.
- cross-site scripting. A remote attacker could exploit it in order to inject incorrect or malicious data into the New Orders RSS feed by manipulating the customer name.
- information disclosure. A remote attacker could exploit it in order to force the Admin Login page to appear by directly calling a module, regardless of the URL.
- information disclosure. A remote attacker could exploit it in order to obtain address information from the address books of other store customers, by entering a sequential ID during the checkout process. A proof of concept exists.
- information disclosure. A remote attacker could exploit it in order to obtain address information, previous orders and payment methods from recurring payment profiles of other store customers, by entering a sequential ID while viewing their own recurring profile. A proof of concept exists.
- path disclosure. A remote attacker could exploit it by using fictitious image URLs in order to cause an exception that shows the server path.
- cross-site scripting. A remote attacker could exploit it in order to execute arbitrary JavaScript or HTML code, within the context of a Magento Connect Manager session, by enticing their victim into following a specially formed link.
- formula injection. A remote attacker could exploit it in order to perform actions on the spreadsheet such as data exfiltration, by providing input that executes a formula when exported and opened in a spreadsheet application.
- cross-site scripting. A remote attacker could exploit it in order to execute arbitrary JavaScript or HTML code by enticing a customer into following a specially formed link. This attack is performed using the Authorize.Net Direct Post Module.
- abuse of functionality. A remote attacker could exploit it in order to overwrite files on the server by publishing a malicious extension and enticing a user to install it.
- shoplift bug: security bypass and SQL injection. A remote attacker could exploit it in order to execute Admin actions and execute SQL commands.
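For the formula injection item above, the usual defence is to neutralize cells at export time. The following is an added example, not Magento's own code or patch: the function names `neutralizeCell` and `exportRowsAsCsv` and the sample rows are hypothetical, and the apostrophe prefix is a commonly recommended mitigation rather than the fix Magento shipped.

```php
<?php
declare(strict_types=1);

// Added example, not Magento code. Function names are hypothetical.

/** Leading characters that make a spreadsheet evaluate a cell as a formula. */
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

/** Return the cell as text that a spreadsheet will not evaluate. */
function neutralizeCell($value): string
{
    $value = (string) $value;
    // Plain numbers such as -12.50 stay numeric so totals still work.
    if ($value === '' || is_numeric($value)) {
        return $value;
    }
    // Look past leading spaces, which some applications trim on import.
    $first = substr(ltrim($value, ' '), 0, 1);
    if (in_array($first, FORMULA_TRIGGERS, true)) {
        return "'" . $value; // a leading apostrophe forces text mode
    }
    return $value;
}

/** Build CSV text from rows, neutralizing every cell first. */
function exportRowsAsCsv(array $rows): string
{
    $out = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        // fputcsv quotes fields and doubles embedded quotes; '' disables
        // the non-standard backslash escape (PHP 7.4+).
        fputcsv($out, array_map('neutralizeCell', $row), ',', '"', '');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample rows: order ID, customer name, order total.
$rows = [
    ['order_id', 'customer_name', 'total'],
    ['100000101', 'Alice Example', '-12.50'],
    ['100000102', '=1+1', '40.00'],
    ['100000103', '  @SUM(A1:A2)', '19.99'],
];
echo exportRowsAsCsv($rows);
```

Neutralizing at export keeps the stored customer data unchanged, so the same value can still be HTML-escaped separately wherever it is rendered in a page or feed.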