CVE-2015-7366

2015-10-14T15:59:04
ID CVE-2015-7366
Type cve
Reporter NVD
Modified 2018-10-09T15:58:03

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.