Arbitrary SQL Command Execution in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0

CVE-2015-1397 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/AU:S/C:P/I:P/A:P

SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote authenticated administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set. The vulnerable code path is only reached when one of the range bounds is present; the column expression itself is then used unvalidated. Exploitation requires an authenticated admin session (the AU:S in the vector), so the practical risk comes from compromised, shared or low-trust administrator accounts rather than from anonymous users.
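The following is an added example, not Magento's code: a small Python model of the bug class the advisory describes, built on an in-memory SQLite table with constructed sample rows. The parameter names field_expr, from and to mirror the advisory; the function names vulnerable_filter, hardened_filter and boolean_oracle, the sales table and the GRID_COLUMNS mapping are assumptions made for the demonstration. It shows three things: the injection only fires when a range bound is supplied, an injected column expression can be turned into a true/false oracle against the database, and the fix is to let the server choose the SQL column from its own allowlist rather than trusting a request-supplied expression.

```python
import sqlite3

# Constructed sample data standing in for the report rows an admin grid exports.
SAMPLE_ROWS = [
    (1, "Widget", 120),
    (2, "Gadget", 30),
    (3, "Gizmo", 75),
]

# Server-side column configuration (hypothetical): the grid exposes a "popularity"
# column backed by the qty column. Only this mapping may choose the SQL column.
GRID_COLUMNS = {"popularity": "qty", "id": "id"}


def connect():
    """In-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sales (id INTEGER, name TEXT, qty INTEGER)")
    conn.executemany("INSERT INTO sales VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def _build_range(field_sql, from_val, to_val):
    """Builds the range predicate: the bounds are bound parameters,
    the column text is spliced in verbatim."""
    conds, args = [], []
    if from_val is not None:
        conds.append(f"{field_sql} >= ?")
        args.append(from_val)
    if to_val is not None:
        conds.append(f"{field_sql} <= ?")
        args.append(to_val)
    return " AND ".join(conds), args


def vulnerable_filter(conn, params):
    """Vulnerable pattern (hypothetical, modelled on the advisory): the range
    filter is only built when 'from' or 'to' is present, and the
    request-supplied 'field_expr' goes into the WHERE clause as raw SQL."""
    from_val, to_val = params.get("from"), params.get("to")
    if from_val is None and to_val is None:
        return conn.execute("SELECT id, name, qty FROM sales ORDER BY id").fetchall()
    where, args = _build_range(params.get("field_expr", "qty"), from_val, to_val)
    sql = f"SELECT id, name, qty FROM sales WHERE {where} ORDER BY id"
    return conn.execute(sql, args).fetchall()


def hardened_filter(conn, params):
    """Hardened version: the request names a grid column id, the server maps
    it to a SQL column from its own allowlist and rejects anything else."""
    from_val, to_val = params.get("from"), params.get("to")
    if from_val is None and to_val is None:
        return conn.execute("SELECT id, name, qty FROM sales ORDER BY id").fetchall()
    column_id = params.get("field_expr", "popularity")
    if column_id not in GRID_COLUMNS:
        raise ValueError(f"unknown grid column: {column_id!r}")
    where, args = _build_range(GRID_COLUMNS[column_id], from_val, to_val)
    sql = f"SELECT id, name, qty FROM sales WHERE {where} ORDER BY id"
    return conn.execute(sql, args).fetchall()


def boolean_oracle(conn, condition):
    """Uses the injection as a true/false oracle: the lower bound is
    unsatisfiable, so rows come back only when the attacker's condition holds."""
    rows = vulnerable_filter(
        conn, {"field_expr": f"({condition}) OR qty", "from": 10**9}
    )
    return len(rows) > 0


if __name__ == "__main__":
    db = connect()
    print(vulnerable_filter(db, {"field_expr": "qty", "from": 100}))
    print(vulnerable_filter(db, {"field_expr": "1=1 OR qty", "from": 10**9}))
    print(boolean_oracle(db, "(SELECT count(*) FROM sales) = 3"))
```

The detection hint for a grid like this is the same as the fix: a request whose column filter contains anything other than a configured column identifier (spaces, parentheses, quotes, SQL keywords) should never reach the database, so it is cheap to both reject and log at the controller.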
