1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Magento database tool Magmi has a zero-day vulnerability

Discussion in 'Network World' started by RSS, Oct 14, 2015.

  1. RSS

    RSS New Member Member

    An open-source tool for importing content into the Magento e-commerce platform, called Magmi, has a zero-day vulnerability, according to security vendor Trustwave.

    The directory traversal flaw is in some versions of Magmi, which is used to move large amounts of data into Magento's SQL database. Such a flaw can allow access to other files or directories in a file system.

    "Successful exploitation results in access to Magento site credentials and the encryption key for the database," wrote Assi Barak, lead security researcher with Trustwave's SpiderLabs.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page