Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Magento 安全漏洞
Vulnerability Description
Magento是美国Magento公司的一套开源的PHP电子商务系统,它提供权限管理、搜索引擎和支付网关等功能。Magento Community Edition(CE)是一个社区版。Magento Enterprise Edition(EE)是一个企业版。 Magento CE 1.9.2.2之前的版本和Magento EE 1.14.2.2之前的版本中存在安全漏洞,该漏洞源于程序在使用密码重置令牌后,没有取消该令牌。远程攻击者可借助特制的外部服务利用该漏洞获取用户密码。
CVSS Information
N/A
Vulnerability Type
N/A