Lucene search
GitHub Advisory DatabaseGHSA-X3GH-95P8-43QVHistoryMay 14, 2022 - 12:56 a.m.
MAGMI plugin for Magento Unsafe File Upload
2022-05-1400:56:27
CWE-94
GitHub Advisory Database
github.com
5
magmi
magento
remote code execution
unrestricted file upload
vulnerability
CVSS2
9
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
0.005
Percentile
75.9%
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
Affected configurations
Node
dweevesmagmiRange≤0.7.17a
Related
osv
osv
MAGMI plugin for Magento Unsafe File Upload
2022-05-14 00:56:27
cvelist
cvelist
CVE-2014-8770
2014-11-13 15:00:00
exploitdb
exploitdb
Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion
2014-10-25 00:00:00
nvd
nvd
CVE-2014-8770
2014-11-13 21:32:14
cve
cve
CVE-2014-8770
2014-11-13 21:32:14
openvas
openvas
prion
prion
Unrestricted file upload
2014-11-13 21:32:00
CVSS2
9
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
0.005
Percentile
75.9%
Related for GHSA-X3GH-95P8-43QV