Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.
RCE
Code Injection
File Upload
PHP
Adobe
+1
NVD
Exploit-DB
CVSS 2.0
9.0
EPSS
13.2%