Magento CMS Multiple Security Vulnerabilities

Magento CMS is prone to the following security vulnerabilities.

1. Multiple HTML-injection vulnerabilities
2. Multiple remote-code execution vulnerabilities
3. A directory-traversal vulnerability
4. An arbitrary file upload vulnerability
5. Multiple cross-site request forgery vulnerabilities
6. Multiple information-disclosure vulnerabilities
7. A security-bypass vulnerability

Attackers can exploit these issues to steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser, or to execute arbitrary code in the context of the affected application, disclose sensitive information, elevate privileges, upload arbitrary files and to bypass certain security restrictions and perform unauthorized actions.


Privacy Statement
Copyright 2010, SecurityFocus