3 matches found
CVE-2015-3380
Multiple cross-site request forgery CSRF vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable or 2 disable a module via unspecified vectors...
CVE-2015-3380
CVE-2015-3380 concerns the Drupal Feature Set contributed module. A CSRF flaw allows remote attackers to cause an administrator to enable or disable modules via crafted requests, compromising admin actions. Affected: Feature Set module for Drupal (all versions prior to fixed release). Root cause:...
SA-CONTRIB-2015-041 - Feature Set - Cross Site Request Forgery (CSRF)
Feature Set module enables you to enable or disable sets of features or modules. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause an administrator to enable and disable modules by getting the administrator's browser to make a request to a specially-crafte...