Researchers discovered two vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento website.
Tenable published a research advisory for two vulnerabilities affecting the Magento Mass Import (MAGMI) plugin. The issues were discovered by Enguerran Gillier of the Tenable Web Application Security Team.
MAGMI is a Magento database client written in PHP that allows raw bulk operations to be performed on the models of an online store.
In May, the FBI publicly issued a flash alert to warn of attacks in the wild exploiting a cross-site scripting vulnerability in the MAGMI Magento plugin, tracked as CVE-2017-7391, to target vulnerable Magento sites.
Tenable researchers investigated the issues and found that the plugin's developers have yet to address a cross-site request forgery (CSRF) vulnerability present in the Magmi plugin. The developers only recently addressed one of the two vulnerabilities.
An attacker can exploit the vulnerability to execute arbitrary code on servers running a website that uses the Magmi Magento plugin; the flaw can be triggered by tricking an authenticated administrator into clicking a malicious link.
“CVE-2020-5776 is a cross-site request forgery (CSRF) vulnerability in MAGMI for Magento. This flaw exists because the GET and POST endpoints for MAGMI don’t implement CSRF protection, such as random CSRF tokens. An attacker could exploit this vulnerability to perform a CSRF attack by tricking a Magento Administrator into clicking on a link while they’re authenticated to MAGMI.” reads the advisory published by Tenable. “The attacker could hijack the administrator’s sessions, allowing them to execute arbitrary code on the server where MAGMI is hosted.”
Tenable released proof-of-concept code for the vulnerability on its official GitHub repository.
The Magmi Magento plugin is also affected by an authentication bypass that could be exploited by attackers to use default credentials when the connection to the Magento database fails.
This second flaw, tracked as CVE-2020-5777, can be exploited by forcing a denial-of-service (DoS) condition on the Magento database connection.
“CVE-2020-5777 is an authentication bypass vulnerability in MAGMI for Magento version 0.7.23 and below due to the presence of a fallback mechanism using default credentials.” continues the advisory. “MAGMI uses HTTP Basic authentication and checks the username and password against the Magento database’s admin_user table. If the connection to the Magento database fails, MAGMI will accept default credentials, which are magmi:magmi. As a consequence, an attacker could force the database connection to fail due to a database denial of service (DB-DoS) attack, then authenticate to MAGMI using the default credentials.”
Experts were able to trigger a DoS condition when the maximum number of MySQL connections was larger than the maximum number of concurrent HTTP connections accepted by the server.
“By sending a large number of concurrent connection requests that exceed the MySQL connections limit, but not the maximum Apache HTTP connection limit, attackers could temporarily block access to the Magento database and simultaneously make an authenticated request to MAGMI using the default credentials” – Enguerran Gillier
Experts released PoC exploit code for this vulnerability, too.
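The fallback the advisory describes, as an added illustration that is not MAGMI's own code: a fail-open check that accepts the default credentials when the database is unreachable, beside a fail-closed rewrite that treats the outage as an error. Function names, the admin_user query, the hash check and the connection values are assumptions.

```php
<?php
// Added illustration, not MAGMI's own code: the fail-open authentication
// fallback described in CVE-2020-5777 beside a fail-closed rewrite.
// Function names and the hash check are hypothetical simplifications.
const DEFAULT_USER = 'magmi';   // the default credentials named in the advisory
const DEFAULT_PASS = 'magmi';

// Lookup against Magento's admin_user table. Magento uses its own hash
// format; password_verify() stands in for that check here.
function checkAdminUser(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password FROM admin_user WHERE username = ? AND is_active = 1');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['password']);
}

// Vulnerable shape: a failed database connection becomes a login path, so
// whoever can make the connection fail is accepted with magmi:magmi.
function authenticateFailOpen(?PDO $db, string $user, string $pass): bool
{
    if ($db === null) {
        return hash_equals(DEFAULT_USER, $user) && hash_equals(DEFAULT_PASS, $pass);
    }
    return checkAdminUser($db, $user, $pass);
}

// Hardened shape: an unavailable database is an outage, never an identity.
// Logging it makes a burst of such entries a usable detection signal.
function authenticateFailClosed(?PDO $db, string $user, string $pass): bool
{
    if ($db === null) {
        error_log("MAGMI auth: database unavailable, refusing login for '$user'");
        http_response_code(503);
        return false;
    }
    return checkAdminUser($db, $user, $pass);
}

// Reproduce the failure state locally: a refused or saturated connection
// throws PDOException and leaves $db null. Connection values are placeholders.
try {
    $db = new PDO('mysql:host=127.0.0.1;dbname=magento', 'magento', 'PLACEHOLDER',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
} catch (PDOException $e) {
    $db = null;
}
var_dump(authenticateFailOpen($db, 'magmi', 'magmi'));
var_dump(authenticateFailClosed($db, 'magmi', 'magmi'));
```

With no database listening, the first call returns true and the second returns false, which is the whole difference between the vulnerable and the fixed behaviour.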
Tenable reported the flaws to the Magmi development team on June 3; they acknowledged the issues on July 6 and released a new version of the plugin on August 30. Unfortunately, the new release only addressed the authentication bypass flaw.
(SecurityAffairs – hacking, Magento plugin)