Vendor: Magento Community Edition
By: @Ebrietas0
CVSS: 9 (CRITICAL)
Vulnerability Type: Remote Code Execution
CWE: 78
Product Name: Magento Community Edition
Affected Version From: <= 1.9.0.1
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:magento:magento_community_edition:1.9.0.1
Platforms Tested: Ubuntu 15
2015
Magento CE < 1.9.0.1 Post Auth RCE
This exploit allows an authenticated attacker to execute arbitrary commands on a vulnerable Magento CE installation (version < 1.9.0.1). It works by leveraging a weakness in the Zend_Log class to pivot into the call_user_exec function and execute a specified command. The payload is constructed as an object of the Zend_Log class carrying a malicious YAML encoder that executes the command passed as an argument. The exploit requires valid authentication and the exact installation date from the local.xml file. It has been tested on Ubuntu 15.
Mitigation:
Upgrade to Magento CE version 1.9.0.1 or above. Additionally, ensure that proper authentication and access controls are in place to prevent unauthorized access to the application.