MAGMI plugin for Magento Server Directory Traversal

Description

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Basic information

Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
Source code
Browse source ↗
Published (advisory)
2022-05-13 01:25:27 UTC
Updated
2023-12-07 21:27:11 UTC
GitHub reviewed
2023-07-31 23:42:03 UTC
NVD published
2015-02-24

EPSS Score

Score Percentile
76.38% 98.92%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

CWEs

CWE id Name
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
composer dweeves/magmi <= 0.7.21

References

cvelogic Threat Intelligence