.. / CVE-2020-5777

Exploit for Magento Mass Importer <0.7.24 - Remote Auth Bypass (CVE-2020-5777)

Description:

Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.

Nuclei Template

View the template here CVE-2020-5777.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-5777.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://www.tenable.com/security/research/tra-2020-51
https://github.com/404notf0und/CVE-Flow
https://github.com/dweeves/magmi-git/blob/18bd9ec905c90bfc9eaed0c2bf2d3525002e33b9/magmi/inc/magmi_auth.php#L35
https://nvd.nist.gov/vuln/detail/CVE-2020-5777

.. / CVE-2020-5777 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Magento Mass Importer <0.7.24 - Remote Auth Bypass (CVE-2020-5777)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-5777