
CVE-2020-9664: Magento php object injection vulnerability

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.94572%
Published: 5/24/2022
Updated: 1/11/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name    Ecosystem    Vulnerable Versions    First Patched Version
magento/core    composer     <= 1.9.4.5             (not listed)

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from insecure deserialization of user-controlled data, a recurring pattern in Magento's admin configuration handling. Two things support this reading: the CVE's CWE-502 (Deserialization of Untrusted Data) classification, and the history of similar Magento issues (e.g., those addressed by SUPEE-5344). The most likely entry point is the 'groups' parameter of the admin System Config controller, which is passed through unserialize(); taken together with the critical severity and the remote exploitability the CVE describes, that makes it the probable vulnerable sink. One tension in the metadata should be kept in mind: the CVSS vector says no privileges are required (PR:N), whereas the Adobe advisory implies the malicious request is issued in an admin context, i.e. a CSRF-style attack that rides an authenticated administrator's session. That reading is consistent with the sink living in an admin controller, and it is the caveat under which the PR:N rating should be read.
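The following added example is not Magento's code and is not from this page; it demonstrates the generic CWE-502 mechanics the analysis above attributes to the Magento sink: a hypothetical gadget class whose __destruct() runs on attacker-controlled properties, a sink that passes a 'groups' request parameter straight to unserialize(), and a hardened version of the same sink with a WAF-style pre-check. The class name CacheWriter, the file-write gadget, the parameter name and the PHP >= 7.4 requirement are assumptions for illustration only.

```php
<?php
declare(strict_types=1);

// Added example, not Magento code: the CWE-502 mechanics behind a PHP object
// injection sink, plus a hardened version of the same sink.
// Assumptions (hypothetical, for illustration only): the gadget class
// CacheWriter, the request parameter name 'groups', and PHP >= 7.4.

// A "gadget": any autoloadable class whose magic method does something
// dangerous with attacker-controlled properties.
final class CacheWriter
{
    public string $path = '';
    public string $contents = '';

    // Runs when the object is destroyed, which happens as soon as the
    // unserialize() result goes out of scope in the vulnerable sink below.
    public function __destruct()
    {
        if ($this->path !== '') {
            file_put_contents($this->path, $this->contents);
        }
    }
}

// Vulnerable sink: attacker bytes go straight into unserialize(), so PHP
// instantiates whatever class name the payload names.
function handleConfigSaveVulnerable(array $post): void
{
    $groups = unserialize($post['groups']);
    // ... the application would continue treating $groups as a plain array ...
}

// WAF-style pre-check: a serialized object (O:) or custom-serialized class (C:)
// appears at the start of the payload or right after a ';' separator.
// A plain serialized array never needs either.
function containsSerializedObject(string $raw): bool
{
    return (bool) preg_match('/(?:^|;)[OC]:\d+:"/', $raw);
}

// Hardened sink.
function handleConfigSaveHardened(array $post): array
{
    $raw = (string) ($post['groups'] ?? '');

    // 1. Alert on object payloads; legitimate array data never contains them.
    if (containsSerializedObject($raw)) {
        error_log('object-injection attempt in groups parameter');
    }

    // 2. Prefer a data-only format: json_decode() cannot instantiate classes.
    $decoded = json_decode($raw, true);
    if (is_array($decoded)) {
        return $decoded;
    }

    // 3. If a serialized string must still be accepted for compatibility,
    //    forbid all classes (PHP >= 7.0): any object in the payload becomes
    //    __PHP_Incomplete_Class and none of its magic methods run.
    $groups = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($groups)) {
        throw new InvalidArgumentException('groups must be a serialized array');
    }
    return $groups;
}

// Constructed payload, built by hand so that the only CacheWriter instance in
// this script is the one unserialize() creates in the vulnerable sink.
$target   = sys_get_temp_dir() . '/object-injection-poc.txt';
$contents = "written by unserialize()\n";
$payload  = sprintf(
    'O:11:"CacheWriter":2:{s:4:"path";s:%d:"%s";s:8:"contents";s:%d:"%s";}',
    strlen($target), $target, strlen($contents), $contents
);

@unlink($target);
handleConfigSaveVulnerable(['groups' => $payload]);
printf("vulnerable sink: file %s\n", file_exists($target) ? 'WAS written' : 'not written');

@unlink($target);
try {
    handleConfigSaveHardened(['groups' => $payload]);
} catch (InvalidArgumentException $e) {
    printf("hardened sink rejected the payload: %s\n", $e->getMessage());
}
printf("hardened sink: file %s\n", file_exists($target) ? 'WAS written' : 'not written');

// A legitimate array still passes through the hardened sink unchanged.
$ok = handleConfigSaveHardened(['groups' => serialize(['general' => ['fields' => ['a' => 1]]])]);
if ($ok['general']['fields']['a'] !== 1) {
    throw new RuntimeException('hardened sink mangled a legitimate array');
}
```

Run it with `php poc.php`: the first sink writes the file during the destructor of the object unserialize() created, the second refuses the payload and writes nothing. The `allowed_classes` option only exists on PHP 7.0 and later; on the PHP 5.x builds that Magento 1 targeted, the only robust fix is to stop passing request data to unserialize() at all and accept a data-only format such as JSON or ordinary form arrays.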


WAF Protection Rules

WAF Rule

Magento versions 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution. A patch SUPEE-11346 is available at [Magento Open Source Download Page](https://
