Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-2067

EPSS 76.38% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2015-2067

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Magento Server MAGMI插件目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Magento是美国Magento公司的一套开源的PHP电子商务系统,它提供权限管理、搜索引擎和支付网关等功能。Magento Server是Magento服务器。MAGMI(又名Magento Mass Importer)是其中的一个用于将大量的产品目录导入到Magento系统中的插件。 Magento Server MAGMI插件中的web/ajax_pluginconf.php脚本存在目录遍历漏洞。远程攻击者可借助‘file’参数中的目录遍历字符‘..’利用该漏洞读取任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2015-2067

#POC DescriptionSource LinkShenlong Link
1Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2015/CVE-2015-2067.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2015-2067

登录查看更多情报信息。

Same Patch Batch · n/a · 2015-02-24 · 22 CVEs total

CVE-2015-2070ETouch Systems SamePage Enterprise Edition SQL注入漏洞
CVE-2015-0240Samba 代码问题漏洞
CVE-2015-1881OpenStack Image Registry and Delivery Service 资源管理错误漏洞
CVE-2015-1605Dell ScriptLogic Asset Manager SQL注入漏洞
CVE-2015-1572e2fsprogs libext2fs库基于堆的缓冲区溢出漏洞
CVE-2015-0555Samsung iPOLiS Device Manager 缓冲区溢出漏洞
CVE-2014-9684OpenStack Image Registry and Delivery Service 资源管理错误漏洞
CVE-2014-9402GNU C Library 资源管理错误漏洞
CVE-2014-8487Kony Management 信息泄露漏洞
CVE-2013-7423GNU C Library 代码注入漏洞
CVE-2015-2071ETouch Systems SamePage Enterprise Edition 目录遍历漏洞
CVE-2015-2077Komodia SDK for Komodia Redirector with SSL Digestor 信息泄露漏洞
CVE-2015-2069WordPress WooCommerce插件跨站脚本漏洞
CVE-2015-2068Magento Server MAGMI插件跨站脚本漏洞
CVE-2015-2066DLGuard SQL注入漏洞
CVE-2015-2065WordPress Apptha WordPress Video Gallery插件SQL注入漏洞
CVE-2015-2064DLGuard 跨站脚本漏洞
CVE-2014-9282Android Speed Root Explorer和Android Speed Explorer应用程序目录遍历漏洞
CVE-2014-6115IBM Rational Insight 信息泄露漏洞
CVE-2014-4818IBM Tivoli Storage Manager dsmtca程序信息泄露漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2015-2067

No comments yet

Leave a comment