RCE in Magmi_project Magmi

CVE-2014-8770

Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.132 (94.3th percentile) — read the EPSS interpretation.

Affected products

Magmi_project Magmi
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

113848 (x_refsource_OSVDB, vdb-entry, Broken Link)
35052 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)