Skip to content
Nuclei Templates

Magento Mass Importer <0.7.24 - Remote Auth Bypass

ID: CVE-2020-5777

Severity: critical

Author: dwisiswant0

Tags: cve,cve2020,plugin,tenable,magmi,magento,auth,bypass,magmi_project

Description

Section titled “Description”

Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.

YAML Source

Section titled “YAML Source”
id: CVE-2020-5777


info:
  name: Magento Mass Importer  <0.7.24 - Remote Auth Bypass
  author: dwisiswant0
  severity: critical
  description: Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.
  impact: |
    An attacker can bypass authentication and gain unauthorized access to the Magento Mass Importer plugin.
  remediation: |
    Upgrade to version 0.7.24 or later to fix the authentication bypass vulnerability.
  reference:
    - https://github.com/dweeves/magmi-git/blob/18bd9ec905c90bfc9eaed0c2bf2d3525002e33b9/magmi/inc/magmi_auth.php#L35
    - https://nvd.nist.gov/vuln/detail/CVE-2020-5777
    - https://www.tenable.com/security/research/tra-2020-51
    - https://github.com/404notf0und/CVE-Flow
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-5777
    cwe-id: CWE-287
    epss-score: 0.05608
    epss-percentile: 0.93255
    cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: magmi_project
    product: magmi
    shodan-query:
      - http.component:"Magento"
      - http.component:"magento"
  tags: cve,cve2020,plugin,tenable,magmi,magento,auth,bypass,magmi_project


http:
  - raw:
      - |
        GET /index.php/catalogsearch/advanced/result/?name=e HTTP/1.1
        Host: {{Hostname}}
        Connection: close


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Too many connections"


      - type: status
        status:
          - 503
# digest: 4a0a00473045022100cbe9f23aafdf171188a7c7e9d43666418bab3fdf4a2de675e07708a20998bdf8022037767d219838b3f6a81493218259f32d327a2238beb0926b398ec5c3169ba2b2:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-5777.yaml"

View on Github