Magmi Project Magmi vulnerabilities
3 known vulnerabilities affecting magmi_project/magmi.
Total CVEs: 3
CISA KEV: 0
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 2, MEDIUM 1
Vulnerabilities
CVE-2017-7391 | P2 | MEDIUM | CVSS 6.1 | CWE-79 | Exploited | PoC | v0.7.22 | 2017-04-01
A Cross-Site Scripting (XSS) vulnerability was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtering of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Source: NVD
CVE-2020-5777 | P1 | CRITICAL | CVSS 9.8 | CWE-287 | PoC | fixed in 0.7.24 | All versions prior to version 0.7.24 | 2020-09-01
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the MySQL setting max_connections (default 151) is lower than the Apache (or another web server) setting MaxRequestWorkers (forme
Source: NVD
CVE-2014-8770 | P2 | CRITICAL | CVSS 9.0 | CWE-94 | PoC | ≤ 0.7.17a | 2014-11-13
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
Source: NVD