Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Campaign Monitor模块跨站请求伪造漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。Campaign Monitor是其中的一个通过集成Campaign Monitor API以能够订阅Drupal站点管理列表的模块。 Drupal Campaign Monitor模块7.x-1.0版本的includes/campaignmonitor_lists.admin.inc文件中存在跨站请求伪造漏洞。远程攻击者可通过向admin/config/services/campaignmonitor/lists/%/
CVSS Information
N/A
Vulnerability Type
N/A