An open-source tool for importing content into the Magento e-commerce platform, called Magmi, has a zero-day vulnerability, according to security vendor Trustwave.
The directory traversal flaw is in some versions of Magmi, which is used to move large amounts of data into Magento’s SQL database. Such a flaw can allow access to other files or directories in a file system.
“Successful exploitation results in access to Magento site credentials and the encryption key for the database,” wrote Assi Barak, lead security researcher with Trustwave’s SpiderLabs.
Powered by WPeMatico