Vigil@nce - Magento Enterprise Edition: CSV file upload
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A privileged attacker can upload a malicious PHP.CSV file on
Magento Enterprise Edition, in order to execute code.
Impacted products: Magento Enterprise Edition
Severity: 2/4
Creation date: 06/10/2014
DESCRIPTION OF THE VULNERABILITY
The Magento Enterprise Edition product offers a web service.
However, a vulnerability allows an attacker, who has
administrative access to the Magento Admin Panel Dashboard, to:
– create a CSV file
– create a directory
– change permissions of a file
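A ".php.csv" file can thus be uploaded to the server, and then
executed: the Apache AddHandler directive matches an extension
anywhere in the file name, not only the last one, so the ".php"
component still routes the file to the PHP handler.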
A privileged attacker can therefore upload a malicious PHP.CSV
file on Magento Enterprise Edition, in order to execute code.
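The check below is an added example, not part of the Vigil@nce bulletin or of Magento. It is a simplified model of how Apache mod_mime picks a handler from a multi-extension name, usable to audit a directory for files such as "export.php.csv". It assumes that only the "php" extension is bound with AddHandler and that no other extension in the name has its own handler; the function names and sample file names are constructed for illustration.

```python
import os
import sys

# Assumption: the extensions bound to the PHP handler via AddHandler.
PHP_HANDLER_EXTENSIONS = {"php"}

# Constructed sample names, used when no directory is given.
SAMPLE_NAMES = ["orders.csv", "export.php.csv", "Report.PHP.csv",
                "php.csv", "index.php"]


def handler_extension(filename, mapped=PHP_HANDLER_EXTENSIONS):
    """Return the extension that selects the PHP handler, or None.

    Simplified model of mod_mime: the name is split on dots, the first
    component (the base name) is skipped, and every other component is
    looked up case-insensitively, not only the last one.
    """
    for ext in os.path.basename(filename).split(".")[1:]:
        if ext.lower() in mapped:
            return ext
    return None


def is_disguised(filename, mapped=PHP_HANDLER_EXTENSIONS):
    """True when the handler extension is present but is not the final one."""
    if handler_extension(filename, mapped) is None:
        return False
    return os.path.basename(filename).rsplit(".", 1)[-1].lower() not in mapped


def audit_tree(root, mapped=PHP_HANDLER_EXTENSIONS):
    """Return sorted paths under root whose names would reach the PHP handler."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, n) for n in files
                 if handler_extension(n, mapped) is not None]
    return sorted(hits)


if __name__ == "__main__":
    names = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_NAMES
    for name in names:
        if handler_extension(name) is not None:
            kind = "non-final" if is_disguised(name) else "final"
            print(f"{name}: PHP handler via {kind} extension")
```

Files reported with a non-final extension stop being executed when the PHP handler is bound inside a FilesMatch block whose pattern is anchored at the end of the name ("\.php$") with SetHandler, instead of with AddHandler.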
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Magento-Enterprise-Edition-CSV-file-upload-15445