Description
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.
Remediation
References