daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2020/CVE-2020-5776.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-06-28 11:11:04 -04:00
parent 615aee1228
commit 135a48301f
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cves/2020/CVE-2020-5776.yaml
View File

@ -1,12 +1,13 @@
id: CVE-2020-5776 id: CVE-2020-5776
info: info:
name: Cross Site Request Forgery (CSRF) in MAGMI (Magento Mass Importer) Plugin name: MAGMI - Cross-Site Request Forgery
author: dwisiswant0 author: dwisiswant0
severity: high severity: high
description: Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI. description: MAGMI (Magento Mass Importer) is vulnerable to cross-site request forgery (CSRF) due to the lack of CSRF tokens. Remote code execution (via phpcli command) is also possible in the event that CSRF is leveraged against an existing admin session.
reference: reference:
- https://www.tenable.com/security/research/tra-2020-51 - https://www.tenable.com/security/research/tra-2020-51
- https://nvd.nist.gov/vuln/detail/CVE-2020-5776
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 8.8 cvss-score: 8.8
@ -46,3 +47,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/06/28