CVE-2015-3356
CVE-2015-3356 affects the Drupal Tadaa! module (7.x, prior to 7.x-1.4). The vulnerability arises from multiple unprotected CSRF vectors that allow a logged-in attacker with the module permission to perform actions such as enabling/disabling modules or changing configuration by coaxing a user to m...