Description

Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.

Remediation

References

CVE-2015-3457

Related Vulnerabilities

GlassFish CVE-2018-3152 Vulnerability (CVE-2018-3152)

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100)

WordPress Plugin Yoast SEO Cross-Site Request Forgery (3.3.1)

Java Unspesificed Vulnerability (CVE-2018-2940)

WordPress Plugin All Video Gallery 'vid' Parameter Multiple SQL Injection Vulnerabilities (1.1)

Severity

Medium

Classification

CVE-2015-3457 CWE-287

Tags

Missing Update Known Vulnerabilities