Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magmi project magmi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-5777
MAGMI versions before 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connections (default 151) is lower...
Magmi Project Magmi
8.8
CVSSv3
CVE-2020-5776
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.
Magmi Project Magmi
6.1
CVSSv3
CVE-2017-7391
A Cross-Site Scripting (XSS) exists in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script c...
Magmi Project Magmi 0.7.22
NA
CVE-2015-2067
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Magmi Project Magmi -
1 EDB exploit
NA
CVE-2015-2068
Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote malicious users to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.ph...
Magmi Project Magmi -
1 EDB exploit
NA
CVE-2014-8770
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and previous versions for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP f...
Magmi Project Magmi
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started