Description
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
References
- Broken Link
- Exploit, Third Party Advisory, VDB Entry
- Broken Link
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions up to and including 0.7.17a
cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:*
EPSS
Percentile: 96%
0.2613
Medium
9 Critical
CVSS2
Weaknesses
CWE-94