Cross site request forgery (csrf)

2019-11-0600:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.4%

JSON

Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user’s CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.

CPENameOperatorVersion
magentoge1.9.0.0
magentolt1.14.4.3
magentoge1.5.0.0
magentolt1.9.4.3

Name	Operator	Version
magento	ge	1.9.0.0
magento	lt	1.14.4.3
magento	ge	1.5.0.0
magento	lt	1.9.4.3

References

magento.com/security/patches/supee-11219