Description
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
Exploits
350522014-10-25webappsPHP
Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion
By Parvinder Bhasin
References
cve@mitre.org
http://osvdb.org/show/osvdb/113848cve@mitre.org
http://www.exploit-db.com/exploits/35052af854a3a-2127-422b-91ae-364da2661108
http://osvdb.org/show/osvdb/113848af854a3a-2127-422b-91ae-364da2661108
http://www.exploit-db.com/exploits/35052