CVE-2015-4382 in Invoice Moduleinfo

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

06/05/2015

Disclosure

06/15/2015

Moderation

VulDB entry created

Entries

1: VDB-75931

CPE

ready

CWE

CWE-352 (Confirmed)

CVSS

4.3

EPSS

0.00164

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-4382
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-4382
CVE Details	https://www.cvedetails.com/cve/CVE-2015-4382/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!