Name | CVE-2016-4010 |
Description | Magento CE and EE before 2.0.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
NOT-FOR-US: Magento
https://magento.com/security/patches/magento-206-security-update
http://www.netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/