Get a Pentest and security assessment of your IT network.

Cyber Security

Magento plugin Magmi vulnerable to hijacking admin sessions

A cross-site request forgery (CSRF) vulnerability continues to be present in Magmi plugin for Magento online stores. Hackers can use the flaw to execute arbitrary code on servers running Magmi (Magento Mass Importer) by tricking authenticated administrators into clicking a malicious link. A new version of the plugin emerged on August 30 with a fix just for the authentication bypass vulnerability. Magmi is compatible with Magento 1.x that is no longer under active support, the plugin’s download count over the past six months indicates hundreds of installations.

Source: https://www.bleepingcomputer.com/news/security/magento-plugin-magmi-vulnerable-to-hijacking-admin-sessions/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation