Description
Cross-Site Request Forgery in MAGMI
All versions of MAGMI up to and including version 0.7.24 are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.
Packages
Name: dweeves/magmi (composer)
Affected versions: <= 0.7.24
Fixed version: None
Related vulnerabilities
CVSS3: 8.8
nvd
more than 5 years ago
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.