Tenable Discovers Multiple Vulnerabilities in MAGMI Plugin for Magento (CVE-2020-5776, CVE-2020-5777)

On September 1, Tenable Research disclosed multiple vulnerabilities in the Magento Mass Import (MAGMI) Plugin for Magento. The vulnerabilities, identified as CVE-2020-5776 and CVE-2020-5777, were discovered by Enguerran Gillier, a member of the Tenable Web Application Security Team. These vulnerabilities were discovered after we investigated an FBI flash security alert from May 2020 about how the MAGMI plugin was exploited in the wild by attackers.

For more information about the vulnerabilities we discovered, including the availability of patches and Tenable product coverage, please visit our blog.