CVE-2015-2067: Local file inclusion

February 24, 2015 (updated November 29, 2016)

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

References

github.com/dweeves/magmi-git/commit/408320a2118f7474a482e968cd72c881bc712564
www.exploit-db.com/exploits/35996/

Code Behaviors & Features

Detect and mitigate CVE-2015-2067 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →