Home
» GitHub Advisories
» GHSA-c252-xc8v-mqmm
Description
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Basic information
Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
—
Source code
Browse source ↗
Published (advisory)
2022-05-13 01:25:27 UTC
Updated
2023-12-07 21:27:11 UTC
GitHub reviewed
2023-07-31 23:42:03 UTC
NVD published
2015-02-24
EPSS Score
Score
Percentile
76.38%
98.92%
CVSS Scores
No CVSS scores in this advisory.
CWEs
CWE id
Name
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected packages (1)
Vulnerable version ranges and first patched releases as published by GitHub.
Ecosystem
Package
Vulnerable range
First patched
Vulnerable functions
composer
dweeves/magmi
<= 0.7.21
—
—
cvelogic
Threat Intelligence