|Category:||Web application abuses|
|Title:||Magmi (Magento Mass Importer) <= 0.7.17a Unrestricted File Upload Vulnerability|
|Summary:||Magmi is prone to an unrestricted file upload vulnerability.|
Magmi is prone to an unrestricted file upload vulnerability.
Remote authenticated users are able to execute arbitrary code by
uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request
to it in magmi/plugins/.
Magmi versions 0.7.17a and earlier.
No known solution was made available for at least one year since
the disclosure of this vulnerability. Likely none will be provided anymore. General solution options
are to upgrade to a newer release, disable respective features, remove the product or replace the
product by another one.
Common Vulnerability Exposure (CVE) ID: CVE-2014-8770|
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.