Lucene search
PRIOn knowledge basePRION:CVE-2015-4364HistoryJun 15, 2015 - 2:59 p.m.
Cross site request forgery (csrf)
2015-06-1514:59:00
PRIOn knowledge base
www.prio-n.com
3
Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site).
| CPE | Name | Operator | Version |
|---|---|---|---|
| campaign_monitor | eq | 7.120.10 |
Related
cve
cve
CVE-2015-4364
2015-06-15 14:59:19
cvelist
cvelist
CVE-2015-4364
2015-06-15 14:00:00
drupal
drupal
SA-CONTRIB-2015-068 - Campaign Monitor - Cross Site Request Forgery (CSRF)
2015-03-04 00:00:00
nvd
nvd
CVE-2015-4364
2015-06-15 14:59:19