Limited Black Friday Offer:

Magento Server Magmi Plugin - Directory Traversal Vulnerability CVE-2015-2067 Scanner

There is a directory traversal vulnerability in Magento Server Magmi Plugin, which allow remote attackers to read arbitrary files.

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

Magento Server Magmi Plugin - Directory Traversal Vulnerability CVE-2015-2067 Scanner Detail

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html
http://www.exploit-db.com/exploits/35996
http://www.securityfocus.com/bid/74881