CVE-2014-8770 (HIGH) CVSS 9.0

🟠 Severity: HIGH (CVSS 9.0)

Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.

Published: 2014-11-13
Last Modified: 2026-05-06 ⚠️

References:

• osvdb.org/show/osvd…
• www.exploit-db.com/exploits/…
• osvdb.org/show/osvd…
• www.exploit-db.com/exploits/…

View Full CVE Details on NIST NVD →