Magento before 1.9.4.3 and before 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.
Vulnerable Product |
---|
magento magento |