GHSA-c252-xc8v-mqmm

Suggest an improvement
Source
https://github.com/advisories/GHSA-c252-xc8v-mqmm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c252-xc8v-mqmm/GHSA-c252-xc8v-mqmm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c252-xc8v-mqmm
Aliases
  • CVE-2015-2067
Published
2022-05-13T01:25:27Z
Modified
2024-02-16T08:12:53.700356Z
Summary
MAGMI plugin for Magento Server Directory Traversal
Details

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

References

Affected packages

Packagist / dweeves/magmi

Package

Name
dweeves/magmi
Purl
pkg:composer/dweeves/magmi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.7.21

Affected versions

0.*

0.7.19a
0.7.19
0.7.20
0.7.21