CVE-2015-4391 in CiviCRM Private Report Module
摘要
由 VulDB • 2026-07-12
Drupal的CiviCRM私有报告模块(版本在6.x-1.2之前的6.x-1.x系列以及7.x-1.3之前的7.x-1.x系列)中存在跨站请求伪造(CSRF)漏洞,远程攻击者可通过未指定的途径劫持用户身份验证,从而删除报表。
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.