Unrestricted File Upload Vulnerability in MAGMI Plugin for Magento Community Edition
CVE-2014-8770 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
Learn more about our Web App Pen Testing.