Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| dweeves/magmi(Packagist) | 0 | N/A | N/A |
CVSS Metrics
