Skip to main content

Magmi

6 CVEs product

Monthly

CVE-2020-5777 PHP CRITICAL POC PATCH THREAT Act Now

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Apache Authentication Bypass Magmi
NVD
CVSS 3.1
9.8
EPSS
23.9%
CVE-2020-5776 PHP HIGH POC THREAT This Week

Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Magmi
NVD
CVSS 3.1
8.8
EPSS
14.7%
CVE-2017-7391 PHP MEDIUM POC PATCH This Month

A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Magmi
NVD GitHub
CVSS 3.0
6.1
EPSS
8.9%
CVE-2015-2068 PHP MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Adobe PHP Magmi
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.9%
CVE-2015-2067 PHP MEDIUM POC THREAT This Month

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.4%.

Path Traversal Adobe PHP Magmi
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
76.4%
Threat
4.8
CVE-2014-8770 PHP CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

RCE Code Injection File Upload PHP Adobe +1
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
13.2%
EPSS 24% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Apache Authentication Bypass +1
NVD
EPSS 15% CVSS 8.8
HIGH POC THREAT This Week

Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Magmi
NVD
EPSS 9% CVSS 6.1
MEDIUM POC PATCH This Month

A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Magmi
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Adobe PHP +1
NVD Exploit-DB
EPSS 76% 4.8 CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.4%.

Path Traversal Adobe PHP +1
NVD Exploit-DB
EPSS 13% CVSS 9.0
CRITICAL POC THREAT Emergency

Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

RCE Code Injection File Upload +3
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy