Magento CMS Multiple Security Vulnerabilities

Magento CMS is prone to the following security vulnerabilities.

1. Multiple HTML-injection vulnerabilities
2. Multiple remote code execution vulnerabilities
3. Multiple cross-site scripting vulnerabilities
4. An information-disclosure vulnerability
5. An authorization-bypass vulnerability
6. An Authentication-bypass vulnerability

An attacker may leverage these issues to gain unauthorized access, obtain potentially sensitive information, bypass the authentication mechanism and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.


Privacy Statement
Copyright 2010, SecurityFocus