CVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento Mass Import Plugin


On September 1, we published TRA-2020-51, a Tenable Research Advisory for two vulnerabilities in the Magento Mass Import (MAGMI) plugin. These vulnerabilities were discovered by Enguerran Gillier of the Tenable Web Application Security Team. MAGMI is a Magento database client written in PHP, which is used to perform raw bulk operations on the models of an online store. Our research into these vulnerabilities follows an FBI flash security alert that became public in May 2020 regarding in-the-wild exploitation of CVE-2017-7391, a cross-site scripting vulnerability in MAGMI that was used to target vulnerable Magento sites.
