CVE-2015-4396

Sažetak

Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the "kwresearch admin site keywords" permission for requests that (1) create, (2) delete, or (3) set priorities to keywords via unspecified vectors.

Reference

http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74361
https://www.drupal.org/node/2475591
https://www.drupal.org/node/2475953

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

27-06-2016 - 14:31

Objavljeno

15-06-2015 - 14:59