Drupal · Drupal Invoice Module · CVE-2015-4382
**Name of the Vulnerable Software and Affected Versions**
Drupal Invoice module versions 6.x-1.x before 6.x-1.2
Drupal Invoice module versions 7.x-1.x before 7.x-1.3
**Description**
The issue allows remote attackers to hijack the authentication of arbitrary users for requests that create, delete, or alter invoices.
**Recommendations**
For Drupal Invoice module versions 6.x-1.x before 6.x-1.2, update to version 6.x-1.2 or later.
For Drupal Invoice module versions 7.x-1.x before 7.x-1.3, update to version 7.x-1.3 or later.