A pair of vulnerabilities discovered in the MAGMI Magento plugin could result in remote code execution (RCE) on vulnerable sites using Magento.
The flaws in the Magento database client used for raw bulk operations on online store models were found by researcher Enguerran Gillier, a member of the Tenable Web Application Security Team, according to a blog post penned by Tenable researchers.
One of the bugs is a cross-site request forgery (CSRF) vulnerability in MAGMI for Magento, CVE-2020-5776, that Tenable said “exists because the GET and POST endpoints for MAGMI don’t implement CSRF protection.” As a result, a miscreant could trick a Magento administrator into clicking a link while they are authenticated to MAGMI. From there, attackers could hijack administrator sessions and execute arbitrary code on a server where MAGMI resides.
The other vulnerability, CVE-2020-5777, an authentication bypass vulnerability in MAGMI for Magento version 0.7.23 and below, stems from a fallback mechanism that uses the default credentials magmi:magmi. “As a consequence, an attacker could force the database connection to fail due to a database denial of service (DB-DoS) attack, then authenticate to MAGMI using the default credentials,” Tenable researchers wrote.
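As an added illustration of the two weaknesses described above (not MAGMI's or Tenable's code), the hypothetical PHP below places a fail-open credential fallback and a missing CSRF check beside their fail-closed counterparts; the `$connect` callable, table and column names are assumptions.

```php
<?php
// Added illustration, not MAGMI's code: a hypothetical admin-login handler with
// the fail-open fallback and missing CSRF check described above, each beside a
// fail-closed alternative. $connect is assumed to return a PDO handle or throw.
const DEFAULT_USER = 'magmi', DEFAULT_PASS = 'magmi';
function checkAgainstDb(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM admin_users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}
// Weak pattern: an unreachable database silently accepts built-in credentials,
// so whoever can make the connection fail (the DB-DoS above) logs in as magmi:magmi.
function authenticateFailOpen(string $user, string $pass, callable $connect): bool
{
    try {
        $db = $connect();
    } catch (PDOException $e) {
        return $user === DEFAULT_USER && $pass === DEFAULT_PASS;
    }
    return checkAgainstDb($db, $user, $pass);
}
// Hardened pattern: a failed connection is an outage to log, never a login.
function authenticateFailClosed(string $user, string $pass, callable $connect): bool
{
    try {
        $db = $connect();
    } catch (PDOException $e) {
        error_log('admin login refused: database unavailable');
        return false;
    }
    return checkAgainstDb($db, $user, $pass);
}
// CSRF: every state-changing endpoint, GET or POST alike, must demand a
// per-session token; without it, a link clicked by a logged-in admin suffices.
function csrfToken(): string
{
    $_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));
    return $_SESSION['csrf_token'];
}
function requireCsrfToken(array $request): void
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $sent = (string)($request['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('invalid CSRF token');
    }
}
```

Call `requireCsrfToken($_REQUEST)` at the top of every handler that changes state, and embed `csrfToken()` in the forms and links the admin UI generates, so that a request arriving without the session's token is rejected regardless of HTTP method.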