CVE-2015-1399
a vulnerability, which was classified as critical, has been found in magento. Affected by this issue is the function fetchView. The manipulation with an unknown input leads to a code injection vulnerability. Using CWE to declare the problem leads to CWE-94. The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Impacted is confidentiality, integrity, and availability.
The target web application is running Magento 1.9, and it suffers from this vulnerability