Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2N20td2M3Zy03Z2Zw
Cross-Site Request Forgery in MAGMI
All versions of MAGMI up to and including version 0.7.24 are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.
Permalink: https://github.com/advisories/GHSA-cv7m-wc7g-7gfpJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2N20td2M3Zy03Z2Zw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: over 1 year ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-cv7m-wc7g-7gfp, CVE-2020-5776
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-5776
- https://www.tenable.com/security/research/tra-2020-51
- https://github.com/advisories/GHSA-cv7m-wc7g-7gfp
Affected Packages
packagist:dweeves/magmi
Dependent packages: 0Dependent repositories: 4
Downloads: 5,365 total
Affected Version Ranges: <= 0.7.24
No known fixed version
All affected versions: 0.7.19, 0.7.20, 0.7.21, 0.7.22, 0.7.24