CVE-2020-5776

HIGH | EXPLOITED IN THE WILD | NUCLEI

MAGMI - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

CVE-2020-5776 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). A Nuclei detection template is also available.

Description

Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.

Nuclei Templates (1)

MAGMI - Cross-Site Request Forgery
HIGH, by dwisiswant0
Shodan: http.component:"Magento" || http.component:"magento"

References (1)

Core References
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2020-51

Scores

CVSS v3: 8.8
EPSS: 0.1472
EPSS Percentile: 96.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2021-06-01
InTheWild.io: 2021-07-01
CWE: CWE-352
Status: published
Products (2)
dweeves/magmi 0 Packagist
magmi_project/magmi
Published: Sep 01, 2020
Tracked Since: Feb 18, 2026