CVE-2019-8155 – Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user’s CSRF token in the URL of …

Vuln ID: CVE-2019-8155

Published:  2019-11-06  00:15:12Z

Description: Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user’s CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.

Source: NVD.NIST.GOV

 

Tags