DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF)

Posted by DefenseCode on Apr 12

DefenseCode Security Advisory
Magento 0day Arbitrary File Upload Vulnerability
(Remote Code Execution, CSRF)

Advisory ID: DC-2017-04-003
Software: Magento CE
Software Language: PHP
Version: 2.1.6 and below
Vendor Status: Vendor contacted / Not fixed
Release Date: 20170413
Risk: High

# Advisory Overview

During the security audit of Magento Community Edition, a highly popular
e-commerce platform, a high risk…
