Every CVE whose affected-product data names Magmi Project Magmi, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2020-5777 — CVSS 9.8 (critical): MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a…
CVE-2014-8770 — CVSS 9.0 (critical): Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for…
CVE-2020-5776 — CVSS 8.8 (high): Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event…
CVE-2017-7391 — CVSS 6.1 (medium): A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied…
CVE-2015-2067 — CVSS 5.0 (medium): Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows…
CVE-2015-2068 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote…