Vulnerabilities > Magmi Project

DATE | CVE | VULNERABILITY TITLE | RISK

2020-09-01 | CVE-2020-5777 | Improper Authentication vulnerability in Magmi Project Magmi | 7.5
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.
network, low complexity, magmi-project, CWE-287

2020-09-01 | CVE-2020-5776 | Cross-Site Request Forgery (CSRF) vulnerability in Magmi Project Magmi | 6.8
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens.

2017-04-01 | CVE-2017-7391 | Cross-site Scripting vulnerability in Magmi Project Magmi 0.7.22 | 4.3
A Cross-Site Scripting (XSS) vulnerability was discovered in 'Magmi 0.7.22'.

2014-11-13 | CVE-2014-8770 | Code Injection vulnerability in Magmi Project Magmi | critical 9.0
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
network, low complexity, magmi-project, CWE-94