What is CVE-2015-1397?

CVE-2015-1397 is a vulnerability in Magento, classified under SQL Injection. Published 2015-04-29.

Is CVE-2015-1397 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Magento

CVE-2015-1397

SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL comma…

Vulnerability class: SQL Injection

EPSS: 0.715 (98.7th percentile) — read the EPSS interpretation.

Affected products

Magento — versions 1.9.1.0, 1.14.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
1032194 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-1397?: CVE-2015-1397 is a vulnerability in Magento, classified under SQL Injection. Published 2015-04-29.
Is CVE-2015-1397 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.