CRITICAL
Magento
CVE published 2017-01-23
CVE-2016-4010
CVE-2016-4010 is a critical Magento vulnerability affecting Community and Enterprise editions before 2.0.6. The issue can allow remote attackers to execute arbitrary PHP code through crafted serialized shopping cart data, which makes internet-facing stores an especially high priority for remediation. Magento’s security update for 2.0.6 and the NVD record both point to affected versions through 2.0.5.