Vulnerability Details CVE-2020-5776
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible if CSRF is leveraged against an existing MAGMI admin session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.752
EPSS Ranking 98.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
Products affected by CVE-2020-5776
- cpe:2.3:a:magmi_project:magmi:-
- cpe:2.3:a:magmi_project:magmi:0.6
- cpe:2.3:a:magmi_project:magmi:0.6.1
- cpe:2.3:a:magmi_project:magmi:0.6.12
- cpe:2.3:a:magmi_project:magmi:0.6.13
- cpe:2.3:a:magmi_project:magmi:0.6.14
- cpe:2.3:a:magmi_project:magmi:0.6.15
- cpe:2.3:a:magmi_project:magmi:0.6.16
- cpe:2.3:a:magmi_project:magmi:0.6.17
- cpe:2.3:a:magmi_project:magmi:0.6.17a
- cpe:2.3:a:magmi_project:magmi:0.6.2
- cpe:2.3:a:magmi_project:magmi:0.6.3
- cpe:2.3:a:magmi_project:magmi:0.6.4
- cpe:2.3:a:magmi_project:magmi:0.6.5
- cpe:2.3:a:magmi_project:magmi:0.6.6
- cpe:2.3:a:magmi_project:magmi:0.6.7
- cpe:2.3:a:magmi_project:magmi:0.6.8
- cpe:2.3:a:magmi_project:magmi:0.6.9
- cpe:2.3:a:magmi_project:magmi:0.7.12
- cpe:2.3:a:magmi_project:magmi:0.7.14
- cpe:2.3:a:magmi_project:magmi:0.7.15
- cpe:2.3:a:magmi_project:magmi:0.7.15b
- cpe:2.3:a:magmi_project:magmi:0.7.16
- cpe:2.3:a:magmi_project:magmi:0.7.17
- cpe:2.3:a:magmi_project:magmi:0.7.17a
- cpe:2.3:a:magmi_project:magmi:0.7.18
- cpe:2.3:a:magmi_project:magmi:0.7.19
- cpe:2.3:a:magmi_project:magmi:0.7.19a
- cpe:2.3:a:magmi_project:magmi:0.7.20
- cpe:2.3:a:magmi_project:magmi:0.7.21
- cpe:2.3:a:magmi_project:magmi:0.7.22
- cpe:2.3:a:magmi_project:magmi:0.7.24