CVE-2014-8770: MAGMI plugin for Magento Unsafe File Upload

CVSS Score: N/A

Basic Information

EPSS Score: 0.96056%
Published: 5/14/2022
Updated: 8/16/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| dweeves/magmi | composer | <= 0.7.17a | |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability arises from improper handling of uploaded ZIP files in MAGMI's plugin installation process. The exploit involves uploading a ZIP containing a PHP file, which is extracted into the web-accessible magmi/plugins/ directory. The critical flaw is the use of ZipArchive::extractTo() in magmi/web/magmi.php without validating the extracted file types. This allows attackers to upload and execute arbitrary PHP code. The function ZipArchive::extractTo() is directly responsible for writing the malicious file to the server, and its lack of input validation makes it the clear vulnerable component. Confidence is high because the exploit's success hinges on this extraction mechanism, and ZipArchive::extractTo() is the standard PHP method for ZIP extraction.
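
The missing check described above, written out as an added example (this is not MAGMI's code or its fix): each ZIP entry is validated before anything is written, and only the entries that pass are handed to `ZipArchive::extractTo()`. The function name `extractValidatedZip` and the extension allow-list are assumptions, as is the premise that the archive should carry data files rather than code.

```php
<?php
// Added example, not MAGMI code. The function name and the allow-list are
// assumptions; the archive is assumed to carry data files, not code.
const ALLOWED_EXTENSIONS = ['xml', 'csv', 'txt', 'png'];

function extractValidatedZip(string $zipPath, string $destDir): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException('cannot open archive');
    }
    try {
        $accepted = [];
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = $zip->getNameIndex($i);
            // Reject absolute paths, backslashes, NUL bytes and ".." segments.
            if ($name === false || $name === '' || $name[0] === '/'
                || strpos($name, '\\') !== false
                || strpos($name, "\0") !== false
                || in_array('..', explode('/', $name), true)) {
                throw new RuntimeException('unsafe entry path in archive');
            }
            if (substr($name, -1) === '/') {
                continue; // directory entry; created as needed for accepted files
            }
            // Exactly one extension, taken from the allow-list. This rejects
            // "x.php", "x.php.txt", ".htaccess" and extensionless files.
            if (!preg_match('/^[A-Za-z0-9_-]+\.([A-Za-z0-9]+)$/', basename($name), $m)
                || !in_array(strtolower($m[1]), ALLOWED_EXTENSIONS, true)) {
                throw new RuntimeException("disallowed file type: $name");
            }
            $accepted[] = $name;
        }
        // Extract only the entries that passed, never the whole archive.
        if ($accepted !== [] && !$zip->extractTo($destDir, $accepted)) {
            throw new RuntimeException('extraction failed');
        }
        return $accepted;
    } finally {
        $zip->close();
    }
}
```

Pointing `$destDir` at a directory outside the web root, or one where the web server is configured not to execute scripts, removes the execution step even if a check is bypassed.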

WAF Protection Rules

WAF Rule

Unrestricted file upload vulnerability in `magmi/web/magmi.php` in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file
