EPSS
Percentile
80.5%
dweeves/magmi is vulnerable to directory traversal attacks. These attacks are possible because it allows attackers to put .. into the file parameter in web/ajax_pluginconf.php.
..
web/ajax_pluginconf.php
packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html
www.exploit-db.com/exploits/35996
www.securityfocus.com/bid/74881
www.exploit-db.com/exploits/35996/