CVE-2014-8770

MAGMI <0.7.17a - RCE

Title source: llm

Description

Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.

Exploits (1)

exploitdb WORKING POC
by Parvinder Bhasin · textwebappsphp
https://www.exploit-db.com/exploits/35052

References (2)

Scores

EPSS 0.1317
EPSS Percentile 94.2%

Details

CWE
CWE-94
Status published
Products (2)
dweeves/magmi 0Packagist
magmi_project/magmi < 0.7.17a
Published Nov 13, 2014
Tracked Since Feb 18, 2026