CVE-2009-4066

Name of the Vulnerable Software and Affected Versions PHPList Integration module versions prior to 5.x-1.2 PHPList Integration module versions prior to 6.x-1.1

Description The issue affects the "My Account" feature in the PHPList Integration module for Drupal, where multiple cross-site request forgery (CSRF) vulnerabilities exist. These vulnerabilities allow remote attackers to hijack the authentication of arbitrary users via vectors related to subscribing or unsubscribing to mailing lists.

Recommendations For PHPList Integration module versions prior to 5.x-1.2, update to version 5.x-1.2 or later. For PHPList Integration module versions prior to 6.x-1.1, update to version 6.x-1.1 or later.