Magento » Magento : Security Vulnerabilities, CVEs, Published In 2015 (Sql injection) CVSS score >= 4

CVE-2015-1397

SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set.
Max CVSS
6.5
EPSS Score
94.70%
Published
2015-04-29
Updated
2015-05-12
1 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close