CVE-2015-6497: Improper Input Validation
(updated )
The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php
in Magento Community Edition, when used with PHP, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap
.
References
Detect and mitigate CVE-2015-6497 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →