MAGMI Magento Mass Importer Plugin CSRF Vulnerability CVE-2020-5776 Scanner
Details
Stay Up To Date
Follow @secforeveryoneAsset Type
DOMAIN,IP,URL
Need Membership
Yes
Asset Verify
Yes
API Support
Yes
Estimate Time (Second)
30
MAGMI Magento Mass Importer Plugin CSRF Vulnerability CVE-2020-5776 Scanner Detail
RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens.
Some Advice for Common Problems
Update your MAGMI (Magento Mass Importer) Plugin, to the latest version to eliminate this vulnerability.
