Summary
Magento Server MAGMI is prone to cross site scripting and local file inclusion vulnerabilities.
Impact
Remote attackers can use specially crafted requests with directory- traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks.
Solution
Ask the Vendor for an update.
Detection
Send a special crafted HTTP GET request and check the response
References
Severity
Classification
-
CVE CVE-2014-8737 -
CVSS Base Score: 3.6
AV:L/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities