Vulnerabilities > Magmi Project > Magmi > 0.6.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-01 | CVE-2020-5777 | Improper Authentication vulnerability in Magmi Project Magmi MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. | 7.5 |
2014-11-13 | CVE-2014-8770 | Code Injection vulnerability in Magmi Project Magmi Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/. | 9.0 |