CVE-2016-4010 (CRITICAL) CVSS 9.8

🔴 Severity: CRITICAL (CVSS 9.8)

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.

Published: 2017-01-23
Last Modified: 2026-05-13 ⚠️

References:

• netanelrub.in/2016/05/1…
• magento.com/security/…
• packetstormsecurity.com/files/137…
• packetstormsecurity.com/files/137…
• www.exploit-db.com/exploits/…

View Full CVE Details on NIST NVD →