CVE-2020-5776
HIGH, EXPLOITED IN THE WILD, NUCLEI
MAGMI - CSRF
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.
Nuclei Templates (1)
MAGMI - Cross-Site Request Forgery
HIGH, by dwisiswant0
Shodan:
http.component:"Magento" || http.component:"magento"
Scores
CVSS v3: 8.8
EPSS: 0.7973
EPSS Percentile: 99.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
VulnCheck KEV: 2021-06-01
InTheWild.io: 2021-07-01
CWE: CWE-352
Status: published
Products (2)
dweeves/magmi
0Packagist
magmi_project/magmi
Published: Sep 01, 2020
Tracked Since: Feb 18, 2026