RSS   Vulnerabilities for 'Magmi'   RSS

2014-11-13
 
CVE-2014-8770

CWE-94
 

 
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.

 

 >>> Vendor: Magentocommerce 2 Products
Magento
Magmi


Copyright 2024, cxsecurity.com

 

Back to Top