Magmi is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary webscript through the profile parameter of web/magmi.php
or through query_string to web/magmi_import_run.php
.
CPE | Name | Operator | Version |
---|---|---|---|
dweeves/magmi | le | 0.7.21 |