CVE-2020-5776

描述

All versions of MAGMI up to and including version 0.7.24 are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.

如何修補 CVE-2020-5776

目前尚未發布修補版本。可考慮移除受影響套件,或參考下方連結中的上游建議。

• Packagist/dweeves/magmi—未列出修補版本

CVE-2020-5776 正在被利用嗎?

可能 — EPSS 為 78.8%,屬於高被利用機率區間,建議優先修補。

受影響套件(1)

• from 0, <= 0.7.24

CVSS 分數

參考連結(2)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-5776
• WEBwww.tenable.com/security/research/tra-2020-51