Check Point posted a video on its blog that showed how the flaw could be used to reduce the price of a US$100,000 watch on an e-commerce site they created for demonstration purposes.
Rubin wrote the vulnerability in Magento is composed of several flaws which allow an unauthenticated hacker to run PHP code on a web server. The flaws are within Magento?s core code and affects default installations of Magento?s Community 1.9.1.0 and Enterprise 1.14.1.0 editions, he wrote.
