CVE-2014-8770
published 2014-11-13CVE-2014-8770: Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition…
PriorityP258critical9CVSS 2.0
AVNACLAuSCCICAC
EXPLOIT
EPSS
6.54%
93.0th percentile
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dweeves | magmi | 0 – 0.7.17a | — |
| magmi_project | magmi | <= 0.7.17a | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for ZIP file uploads to magmi/web/magmi.php followed by HTTP GET requests to magmi/plugins/ — this two-stage pattern (upload then access) is the exploitation sequence for CVE-2014-8770. ↗
- →Alert on POST requests to magmi/web/magmi.php with multipart/form-data content containing a ZIP file, especially from authenticated sessions — the plugin upload functionality performs no sanity checks on file contents. ↗
- →Detect PHP files appearing under the magmi/plugins/ directory that were not present before a ZIP upload event — attacker-dropped webshells will be extracted there. ↗
- →Flag POST requests to any PHP file under magmi/plugins/ containing a 'command' parameter — this matches the webshell's $_POST['command'] execution mechanism. ↗
- →Look for the string 'Plugin packaged installed' in HTTP responses to magmi/web/magmi.php — this confirms a successful plugin (potentially malicious) ZIP upload. ↗
- ·Exploitation requires authenticated access — unauthenticated attackers cannot directly exploit this vulnerability; however, MAGMI's authentication may be weak or bypassed in some deployments. ↗
- ·Affected versions are MAGMI 0.7.17a and earlier on Magento CE; the exploit was tested specifically against Magento CE 1.8 and older with MAGMI v0.7.17a. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
MAGMI plugin for Magento Unsafe File Upload
ghsa·2022-05-14
CVE-2014-8770 [HIGH] CWE-94 MAGMI plugin for Magento Unsafe File Upload
MAGMI plugin for Magento Unsafe File Upload
Unrestricted file upload vulnerability in `magmi/web/magmi.php` in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in `magmi/plugins/`.
OSV
MAGMI plugin for Magento Unsafe File Upload
osv·2022-05-14
CVE-2014-8770 [HIGH] MAGMI plugin for Magento Unsafe File Upload
MAGMI plugin for Magento Unsafe File Upload
Unrestricted file upload vulnerability in `magmi/web/magmi.php` in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in `magmi/plugins/`.
No detection rules found.
No writeups or analysis indexed.
2014-11-13
Published