Critical vulnerability discovered in Magento eCommerce software. Has been given a 9.8/10 in terms of severity due to unauthenticated remote code execution. CVE assigned is CVE-2016-4010.
We advise all customers to apply the vendor patch if you are running Magento software on your web application(s).
Upgrade to v2.0.6. Exploit code has been submitted to exploit-db but not yet verified.
For more information see: www.magento.com