CVE-2020-5776: Cross-Site Request Forgery (CSRF)
MAGMI is vulnerable to CSRF due to the lack of anti-CSRF tokens. RCE (via the phpcli command) is possible if a CSRF is leveraged against an existing admin session for MAGMI.
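The missing control is a per-session anti-CSRF token checked on every state-changing request. The sketch below is an added example, not MAGMI's code or its fix; the function names, the `csrf_token` field and the `X-CSRF-Token` header are assumptions chosen for illustration.

```php
<?php
// Added example: synchronizer-token guard for an admin endpoint (not MAGMI code).
// Assumes state-changing actions are only reachable via POST/PUT/DELETE.

function csrf_token(): string
{
    // One random token per session, created on first use.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_is_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // Fail closed when either side is missing; compare in constant time.
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

function csrf_guard(): void
{
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
    // Safe methods must never change state, so only unsafe ones are checked.
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return;
    }
    $submitted = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
    if (!csrf_is_valid($submitted)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// SameSite cookies are defense in depth, not a replacement for the token.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();
csrf_guard();
?>
<form method="post">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <button type="submit">Run</button>
</form>
```

A cross-site page can make the admin's browser send the session cookie, but it cannot read the token, so the forged request is rejected before any command handler runs.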