CVE-2015-2067

EXPLOITED NUCLEI

Magmi - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Exploits (1)

exploitdb WORKING POC

by SECUPENT · textwebappsphp

https://www.exploit-db.com/exploits/35996

View Code ZIP pw:eip

Nuclei Templates (1)

Magento Server MAGMI - Directory Traversal

MEDIUMby daffainfo

Shodan: http.component:"Magento" || http.component:"magento"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/35996

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/74881

Scores

EPSS 0.7638

EPSS Percentile 98.9%

Details

VulnCheck KEV 2020-11-22

CWE

CWE-22

Status published

Products (2)

dweeves/magmi 0Packagist

magmi_project/magmi

Published Feb 24, 2015

Tracked Since Feb 18, 2026