High severityNVD Advisory· Published Nov 13, 2014· Updated May 6, 2026
CVE-2014-8770
CVE-2014-8770
Description
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dweeves/magmiPackagist | <= 0.7.17a | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.exploit-db.com/exploits/35052nvdExploitThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-x3gh-95p8-43qvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-8770ghsaADVISORY
- osvdb.org/show/osvdb/113848nvdBroken Link
- sourceforge.net/projects/magmi/files/magmi-0.7/plugins/packagesghsaWEB
News mentions
0No linked articles in our index yet.