Vulnerability Details CVE-2015-4362
Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.4%
CVSS Severity
CVSS v2 Score 6.8
References
- http://cgit.drupalcode.org/tracking_code/commit/?id=77c8c3d
- http://www.openwall.com/lists/oss-security/2015/04/25/6
- http://www.securityfocus.com/bid/72958
- https://www.drupal.org/node/2445961
- https://www.drupal.org/node/2450135
- https://www.drupal.org/node/2453079
- http://cgit.drupalcode.org/tracking_code/commit/?id=77c8c3d
- http://www.openwall.com/lists/oss-security/2015/04/25/6
- http://www.securityfocus.com/bid/72958
- https://www.drupal.org/node/2445961
- https://www.drupal.org/node/2450135
- https://www.drupal.org/node/2453079
Products affected by CVE-2015-4362
-
cpe:2.3:a:tracking_code_project:tracking_code:7.x-1.x