Description

Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.

Remediation

References

CVE-2015-3457

Related Vulnerabilities

WordPress Plugin Login Widget With Shortcode Cross-Site Request Forgery (3.1.1)

WordPress Plugin WP RSS By Publishers Multiple SQL Injection Vulnerabilities (0.1)

Moment.js Other Vulnerability (CVE-2022-31129)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43705)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4341)

Severity

Medium

Classification

CVE-2015-3457 CWE-287

Tags

Missing Update Known Vulnerabilities