Description

Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.

Remediation

References

CVE-2015-3457

Related Vulnerabilities

Oracle JRE CVE-2013-0433 Vulnerability (CVE-2013-0433)

WordPress Plugin WP-RESTful Multiple Cross-Site Scripting Vulnerabilities (0.1)

Piwigo Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-26267)

MySQL CVE-2016-0647 Vulnerability (CVE-2016-0647)

Oracle Database Server Improper Input Validation Vulnerability (CVE-2016-2381)

Severity

Medium

Classification

CVE-2015-3457 CWE-287

Tags

Missing Update Known Vulnerabilities