Magento Server MAGMI is prone to cross site scripting and local file inclusion vulnerabilities.
Remote attackers can use specially crafted requests with directory- traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks.
Ask the Vendor for an update.
Send a special crafted HTTP GET request and check the response
- Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
- OTRS move_into Restriction Bypass Vulnerability
- NetSaro Enterprise Messenger Cross Site Scripting and HTML Injection Vulnerabilities
- IBM WebSphere Application Server SIP Logging Information Disclosure Vulnerability
- OTRS Rich-text-editor XSS Vulnerability