Magento Security

Critical Vulnerabilities Found in Magento Amasty RMA Extension – Update Immediately

Updated on: June 11, 2020

Shikhil Sharma Shikhil Sharma

1 min read

Critical Vulnerabilities Found in Magento Amasty RMA Extension – Update Immediately

About Amasty RMA Extension Vulnerabilities

This Blog Includes show

During a security audit engagement with a client using Magento, our engineers discovered a few critical vulnerabilities in Amasty RMA extension. The first vulnerability allows a hacker to upload malicious files on the server. Since php files can also be uploaded, a hacker can easily upload malicious shells like c99, r57, anishell etc to the server.

If additional checks are not in-place, a hacker would get hold of entire server by exploiting this. Another vulnerability, which was not found only in a few websites using RMA allows a hacker to download any directory from the server.

With some information available about the web app, a hacker can download critical files from the server.

Details of the Vulnerability

  • Malicious File Upload: The upload area can be exploited by hackers to upload malicious files. Like while trying we were able to upload a php shell. That’s why its very important to secure Magento file upload. See the picture below:
    Magento RMA Extension Vulnerability fileupload
  • Directory Traversal/file download: If the following request(see picture below) is made, an file on the server can be downloaded. For common files like .htaccess etc. which are present on almost every servers hackers can easily guess and download them. However, our client who was on magento 1.9 was vulnerable to this but reproducing on other versions wasn’t possible.
    Magento RMA Extension Vulnerability directory traversal

Consequences of Magento RMA Vulnerabilities

  • Possible compromise of the complete server
  • Server file download by hackers
  • Targeted attack on end users/admins possible

Timeline

Amasty team was very quick in fixing the vulnerability. We received a quick reply from Kirill, product manager of RMA plug-in. Following which the patch was released within a few days.

Magento secure file upload

It’s very important to secure Magento file uploads, because the upload area can be exploited by hackers to upload malicious files. Like while trying we were able to upload a php shell.

Tags: , , ,

Shikhil Sharma

Shikhil Sharma

Shikhil Sharma is the founder & CEO of Astra Security. Being involved with cybersecurity for over six years now, his vision is to make cyber security a 5-minute affair. Shikhil plays on the line between security and marketing. When not thinking about how to make Astra super simple, Shikhil can be found enjoying alternative rock or a game of football. Astra Security has been rewarded at Global Conference on Cyber Security by PM of India Mr. Narendra Modi. French President Mr. François Hollande also rewarded Astra under the La French Tech program. Astra Security is also a NASSCOM Emerge 50 company.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments

Related Articles

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders
Astra Security

We make security simple and hassle-free for thousands of websites & businesses worldwide.

See our glowing reviews on

Pentest

Company

Resources

Services

Made with ❤️ in USA France India Germany

Copyright © 2024 ASTRA IT, Inc. All Rights Reserved.

Privacy Policy Terms of Service Report a vulnerability