Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2067

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-2067
Last Modified 25 Feb 2015 01:09:12
Published 24 Feb 2015 12:59:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2067

Summary

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Vulnerable Systems

Application

  • Magmi -


References

EXPLOIT-DB - 35996

MISC - http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html


Last Updated: 27 May 2016 11:07:57