CVE-2020-5776

HIGH8.8EPSS 78.8%

Cross-Site Request Forgery in MAGMI

Published: 5/6/2021Modified: 11/8/2023

Description

All versions of MAGMI up to and including version 0.7.24 are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.

Affected packages (1)

Packagist/dweeves/magmifrom 0, <= 0.7.24

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-5776
WEBhttps://www.tenable.com/security/research/tra-2020-51