Magento Server MAGMI is prone to cross site scripting and local file inclusion vulnerabilities.
Remote attackers can use specially crafted requests with directory- traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks.
Ask the Vendor for an update.
Send a special crafted HTTP GET request and check the response
- OTRS move_into Restriction Bypass Vulnerability
- Novatel Wireless MiFi 2352 Password Information Disclosure Vulnerability
- Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 Password Information Disclosure Vulnerability
- Mailman Detection
- ownCloud Multiple Cross Site Scripting Vulnerabilities -01 May14