Magento Server MAGMI Cross Site Scripting / Local File Inclusion Network Vulnerability

Summary

Magento Server MAGMI is prone to cross site scripting and local file inclusion vulnerabilities.

Impact

Remote attackers can use specially crafted requests with directory- traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks.

Solution

Ask the Vendor for an update.

Detection

Send a special crafted HTTP GET request and check the response

References

http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8737
CVSS Base Score: 3.6
AV:L/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Fingerprint web server with favicon.ico
OTRS Ticket CustomerID Value Restriction Bypass Vulnerability
Firefox Information Disclosure Vulnerability Jan09 (Linux)
Apache Tomcat SecurityManager Security Bypass Vulnerability
phpShop 'page' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities