Описание
Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors.
Комментарий
Per the advisory: "A malicious user can cause an administrator to enable and disable modules by getting the administrator's browser to make a request to a specially-crafted URL." Only integrity and availability are affected.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors.
EPSS
5.8 Medium
CVSS2