CSRF Vulnerability in MAGMI Allows for Remote Code Execution

CVE-2020-5776 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Currently, all versions of MAGMI are vulnerable to CSRF because requests are not protected by CSRF tokens. RCE (via the phpcli command) is possible if a CSRF is leveraged against an existing MAGMI admin session.