All versions of MAGMI up to and including version 0.7.24 are vulnerable to cross-site request forgery (CSRF) due to the lack of CSRF tokens. Remote code execution (RCE), via the phpcli command, is possible if a CSRF is leveraged against an existing MAGMI admin session.
{ "nvd_published_at": "2020-09-01T21:15:00Z", "github_reviewed_at": "2021-05-05T19:10:44Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-352" ] }