PT-2015-6175 · Drupal · Drupal
Pere Orga
·
Publicado
2015-04-21
·
Atualizado
2016-12-06
·
CVE-2015-3354
CVSS v2.0
5.8
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Drupal versions prior to 6.x-2.7
Drupal versions 7.x-2.x prior to 7.x-2.7
Description
A cross-site request forgery (CSRF) issue exists in the Wishlist module, allowing remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions.
Recommendations
For versions prior to 6.x-2.7, update to version 6.x-2.7 or later.
For versions 7.x-2.x prior to 7.x-2.7, update to version 7.x-2.7 or later.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Drupal