CVE-2015-4364 in Campaign Monitor Modulethông tin

Tóm tắt

Bởi MITRE

Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Đặt trước

05/06/2015

Tiết lộ

15/06/2015

Kiểm duyệt

được chấp nhận

mục

VDB-75914

EPSS

0.00656

KEV

không

Các hoạt động

rất thấp

Nguồn

Interested in the pricing of exploits?

See the underground prices here!