Zero-Day in Magento plug-in could allow attacker to steal data

October 14, 2015

Via: hacker

Researchers at Trustwave spotted a zero-day in the Magmi plugin for the e-commerce platform that can be used by an attacker to access and potentially gain complete control of the a user’s Magento database.

The vulnerability exists in Magmi version 0.7.21 and prior when downloaded from SourceForge however, versions downloaded from Github are not currently vulnerable.

Read More