Critical vulnerability discovered in Magento eCommerce software. Has been given a 9.8/10 in terms of severity due to unauthenticated remote code execution. CVE assigned is CVE-2016-4010.

We advise all customers to apply the vendor patch if you are running Magento software on your web application(s). 

Upgrade to v2.0.6. Exploit code has been submitted to exploit-db but not yet verified.

For more information see: www.magento.com

Source: www.magento.com