CVE-2020-5777

CVE-2020-5777 is a critical-severity vulnerability in Magmi Project Magmi with a CVSS 3.x base score of 9.8. Its EPSS exploit-prediction score of 24% places it in the 98th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-287.

Key facts

Description

MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connections (default 151) is lower than Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a "Too many connections" error, then use default magmi:magmi basic authentication to remotely bypass authentication.

Frequently asked questions

What is CVE-2020-5777?
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connections (default 151) is lower than Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a "Too many connections" error, then use default magmi:magmi basic authentication to remotely bypass authentication.
How severe is CVE-2020-5777?
CVE-2020-5777 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
Is CVE-2020-5777 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 24% (98th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2020-5777?
CVE-2020-5777 affects Magmi Project Magmi. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2020-5777?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
When was CVE-2020-5777 published?
CVE-2020-5777 was published on 2020-09-01 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Magmi Project Magmi

All CVEs affecting Magmi Project Magmi →

Other CWE-287 (Improper Authentication) vulnerabilities

Browse all CWE-287 (Improper Authentication) vulnerabilities →