Magento Security

Critical Vulnerabilities Found in Magento Amasty RMA Extension – Update Immediately

Updated on: June 11, 2020

Critical Vulnerabilities Found in Magento Amasty RMA Extension – Update Immediately

About Amasty RMA Extension Vulnerabilities

During a security audit engagement with a client using Magento, our engineers discovered a few critical vulnerabilities in Amasty RMA extension. The first vulnerability allows a hacker to upload malicious files on the server. Since php files can also be uploaded, a hacker can easily upload malicious shells like c99, r57, anishell etc to the server.

If additional checks are not in-place, a hacker would get hold of entire server by exploiting this. Another vulnerability, which was not found only in a few websites using RMA allows a hacker to download any directory from the server.

With some information available about the web app, a hacker can download critical files from the server.

Details of the Vulnerability

  • Malicious File Upload: The upload area can be exploited by hackers to upload malicious files. Like while trying we were able to upload a php shell. That’s why its very important to secure Magento file upload. See the picture below:
    Magento RMA Extension Vulnerability fileupload
  • Directory Traversal/file download: If the following request(see picture below) is made, an file on the server can be downloaded. For common files like .htaccess etc. which are present on almost every servers hackers can easily guess and download them. However, our client who was on magento 1.9 was vulnerable to this but reproducing on other versions wasn’t possible.
    Magento RMA Extension Vulnerability directory traversal

Consequences of Magento RMA Vulnerabilities

  • Possible compromise of the complete server
  • Server file download by hackers
  • Targeted attack on end users/admins possible

Timeline

Amasty team was very quick in fixing the vulnerability. We received a quick reply from Kirill, product manager of RMA plug-in. Following which the patch was released within a few days.

Magento secure file upload

It’s very important to secure Magento file uploads, because the upload area can be exploited by hackers to upload malicious files. Like while trying we were able to upload a php shell.

Was this post helpful?

Tags: , , ,

Shikhil Sharma

Shikhil Sharma is the founder & CEO of Astra Web Security. Being involved with cybersecurity for over six years now, his vision is to make cyber security a 5-minute affair. Shikhil plays on the line between security and marketing.From time to time, he shares his knowledge on core cybersecurity topics on Astra’s blog. When not thinking about how to make Astra super simple, Shikhil can be found enjoying alternative rock or a game of football.
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany