CVE-2014-8770

Published: 13/11/2014 Updated: 16/07/2019
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and previous versions for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.

Vulnerable Product

magmi project magmi

Exploits

Exploit found date: 10/24/2014
Security Researcher name: Parvinder Bhasin
Contact info: parvinderbhasin@gmail.com
twitter: @parvinderb - scorpio

Currently tested version:
Magento version: Magento CE - 18 older
MAGMI version: v0.7.17a older

Download software link:
Magento server: www.magentocommerce.com/download
MAGMI Plugin: https: ...