6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.967 High
EPSS
Percentile
99.7%
Spider Catalog module enables you to build product catalogs.
The module doesn’t sufficiently protect some URLs against CSRF. A malicious user can cause an administrator to delete products, ratings and categories by getting their browser to make a request to a specially-crafted URL.
All versions of Spider Catalog module.
Drupal core is not affected. If you do not use the contributed Spider Catalog module, there is nothing you need to do.
If you use the Spider Catalog module you should uninstall it.
Also see the Spider Catalog project page.
Not applicable.