Magento Server MAGMI Cross Site Scripting / Local File Inclusion Network Vulnerability

Summary

Magento Server MAGMI is prone to cross site scripting and local file inclusion vulnerabilities.

Impact

Remote attackers can use specially crafted requests with directory- traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks.

Solution

Ask the Vendor for an update.

Detection

Send a special crafted HTTP GET request and check the response

References

http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8737

CVSS	Base Score: 3.6 AV:L/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Atlassian Confluence Multiple Cross Site Scripting Vulnerabilities
Ariadne Multiple Cross-Site Scripting Vulnerabilities
phpLDAPadmin 'base' Parameter Cross Site Scripting Vulnerability
OTRS Event Notification Information Disclosure Vulnerability
ASUS RT-N56U Wireless Router 'QIS_wizard.htm' Password Information Disclosure Vulnerability

Take action and discover your vulnerabilities