CVE-2015-4391

Cross-site request forgery (CSRF) vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of users for requests that delete reports via unspecified vectors.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:civicrm:civicrm_private_report:7.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:civicrm:civicrm_private_report:6.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:civicrm:civicrm_private_report:6.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:civicrm:civicrm_private_report:7.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:civicrm:civicrm_private_report:7.x-1.1:*:*:*:*:drupal:*:*

Information

Published : 2015-06-15 07:59

Updated : 2016-06-09 14:39


NVD link : CVE-2015-4391

Mitre link : CVE-2015-4391


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

civicrm

  • civicrm_private_report