CVE-2015-7366 in Adserverinfo

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsible

Reservation

09/25/2015

Disclosure

10/14/2015

Moderation

VulDB entry created

Entries

VDB-78463

CPE

ready

CWE

CWE-352 (Confirmed)

CVSS

4.3

EPSS

0.00227

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-7366
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-7366
CVE Details	https://www.cvedetails.com/cve/CVE-2015-7366/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!