cbcvebase.
CVE-2015-2067
published 2015-02-24

Priority: P274, medium, 5 (CVSS 2.0)
Vector: AV:N / AC:L / Au:N / C:P / I:N / A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 39.42% (98.4th percentile)

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Affected

1 range
Vendor | Product | Version range | Fixed in
dweeves | magmi | 0 – 0.7.21 |

Detection & IOCs (extracted from sources)

path: /magmi/web/ajax_pluginconf.php
url: {{BaseURL}}/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility
command: GET /magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility
  • Detect exploitation attempts by monitoring GET requests to /magmi/web/ajax_pluginconf.php containing directory traversal sequences (../) in the 'file' parameter, particularly targeting /etc/passwd.
  • Successful exploitation returns a valid HTTP 200 response with Unix /etc/passwd content matching the pattern 'root:.*:0:0:'.
  • The attack uses query parameters plugintype=utilities and pluginclass=CustomSQLUtility alongside the traversal payload; filter for these parameter combinations in web logs.
  • Use Shodan queries 'http.component:"Magento"' or 'http.component:"magento"' to identify exposed Magento instances that may be running the vulnerable MAGMI plugin.
  • The vulnerability is unauthenticated (Au:N) and network-accessible (AV:N) with low complexity (AC:L), meaning no credentials or special conditions are required to exploit it.
  • The EPSS score of 0.76384 (98.9th percentile) indicates this vulnerability has a very high probability of exploitation in the wild; prioritize detection and patching accordingly.
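
The web-log checks in the bullets above, as an added detection example (not code from the page or from the MAGMI project). It assumes Apache/nginx "combined" log format; the sample lines, IP addresses and the benign `file` value are constructed, and the percent-decoding step goes slightly beyond the literal `../` pattern the page lists.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/magmi/web/ajax_pluginconf.php"  # path listed on the page
# Client, request target and status of a "combined" access-log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines using documentation IP ranges; not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2015:10:00:00 +0000] "GET /magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility HTTP/1.1" 200 1532 "-" "-"',
    '198.51.100.7 - - [24/Feb/2015:10:00:05 +0000] "GET /magmi/web/ajax_pluginconf.php?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd&plugintype=utilities&pluginclass=CustomSQLUtility HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.5 - - [24/Feb/2015:10:01:00 +0000] "GET /magmi/web/ajax_pluginconf.php?file=custom.conf&plugintype=utilities&pluginclass=CustomSQLUtility HTTP/1.1" 200 800 "-" "-"',
    '203.0.113.5 - - [24/Feb/2015:10:02:00 +0000] "GET /index.php?file=../x HTTP/1.1" 200 4096 "-" "-"',
]

def normalise(value, rounds=3):
    """Percent-decode repeatedly so encoded and double-encoded '../' is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def classify(line):
    """Return a finding dict for a traversal request to the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m["target"])
    if not normalise(target.path).endswith(ENDPOINT):
        return None
    params = parse_qs(target.query, keep_blank_values=True)
    hits = [f for f in map(normalise, params.get("file", [])) if ".." in f.split("/")]
    if not hits:
        return None
    return {
        "ip": m["ip"], "status": int(m["status"]), "file": hits[0],
        # Parameter pair the page lists alongside the traversal payload.
        "known_combo": params.get("plugintype") == ["utilities"]
                       and params.get("pluginclass") == ["CustomSQLUtility"],
        # A log line has no response body, so 200 only means "check the response".
        "verdict": "possible-read" if m["status"] == "200" else "attempt",
    }

def scan(lines):
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `possible-read` verdict should be confirmed against the response body or a packet capture, since the `root:.*:0:0:` match described above is not visible in an access log.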

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck: 5.0 MEDIUM