CVE-2020-5776
HIGHCVSS 8.8/10EPSS 14.72%
Last modified
CVE-2020-5776 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.. EPSS estimates a 14.72% chance of exploitation in the next 30 days.
Description
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Magmi Project | Magmi | All versions |
References
- https://www.tenable.com/security/research/tra-2020-51Third Party Advisory
- https://www.tenable.com/security/research/tra-2020-51Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-5776?
Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.
How severe is CVE-2020-5776?
CVE-2020-5776 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 14.72% probability of exploitation in the next 30 days.
How do I fix CVE-2020-5776?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2020-5776?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST