3 matches found
Multi Rating < 5.0.6 - Ratings Deletion via CSRF
The plugin does not have a CSRF check when deleting ratings, which could allow attackers to make logged-in admins perform such an action via a CSRF attack...
Udemy: Extremely high course rating values could be set in order to make a really high average rating of the course. Negative values could be set too.
An authenticated user can register for some course, paid or free. After registering and taking a couple of lectures, the "Rate course" functionality becomes active. A malicious user can fill in the rating form and submit it. By intercepting the request to the server's API using an intercepting proxy tool and modify...
CVE-2015-4350
Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors...