Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.Referenceshttps://packetstormsecurity.com/files/137121/Magento-Unauthenticated-Arbitrary-File-Write.htmlhttp://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/https://magento.com/security/patches/magento-206-security-updatehttps://www.exploit-db.com/exploits/39838/https://packetstormsecurity.com/files/137312/Magento-2.0.6-Unserialize-Remote-Code-Execution.html
