CVE-2015-3458
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files.
La función fetchView en la clase Mage_Core_Block_Template_Zend en Magento Community Edition (CE) 1.9.1.0 y Enterprise Edition (EE) 1.14.1.0 no restringe el envoltorio de flujos utilizado en una ruta de plantilla, lo que permite a administradores remotos incluir y ejecutar ficheros PHP arbitrarios a través del envoltorio de flujos phar://, relacionado con la función setScriptPath. NOTA: no está claro si este problema cruza los límites de los privilegios, como los administradores podría ya tener los privilegios para incluir ficheros arbitrarios.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-04-29 CVE Reserved
- 2015-04-29 CVE Published
- 2024-05-23 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/74412 | Vdb Entry | |
| http://www.securitytracker.com/id/1032230 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability | 2016-12-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Magento Search vendor "Magento" | Magento Search vendor "Magento" for product "Magento" | 1.9.1.0 Search vendor "Magento" for product "Magento" and version "1.9.1.0" | community |
Affected
| ||||||
| Magento Search vendor "Magento" | Magento Search vendor "Magento" for product "Magento" | 1.14.1.0 Search vendor "Magento" for product "Magento" and version "1.14.1.0" | enterprise |
Affected
| ||||||