Cross-Site Request Forgery Vulnerabilities in Drupal's Spider Catalog Module
CVE-2015-4350

Currently unrated

Key Information:

Vendor

Web-dorado

Status
Spider Catalog
Vendor
CVE Published:
15 June 2015

What is CVE-2015-4350?

The Spider Catalog module for Drupal is susceptible to multiple cross-site request forgery vulnerabilities. These flaws enable remote attackers to exploit session authentication of administrators, leading to unauthorized deletion of products, ratings, or categories. Attackers can leverage these vulnerabilities through various unspecified vectors, posing a significant threat to site integrity and data security.

References

http://www.securityfocus.com/bid/72798
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2015/04/25/6
mailing-listx_refsource_MLIST
https://www.drupal.org/node/2437977
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.