CVE-2015-8707 (CRITICAL) CVSS 9.8

📅

🔴 Severity: CRITICAL (CVSS 9.8)

Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field.

Published: 2017-09-26
Last Modified: 2026-05-13 ⚠️

References:

View Full CVE Details on NIST NVD →

Previous Next Home