CVE-2015-2067

Name of the Vulnerable Software and Affected Versions MAGMI (aka Magento Mass Importer) plugin for Magento Server (affected versions not specified)

Description The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter of the web/ajax pluginconf.php file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.