First published: Fri Nov 02 2012(Updated: )
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Boombatower Subuser | <=6.x-1.7 | |
Boombatower Subuser | =6.x-1.0 | |
Boombatower Subuser | =6.x-1.1 | |
Boombatower Subuser | =6.x-1.2 | |
Boombatower Subuser | =6.x-1.3 | |
Boombatower Subuser | =6.x-1.4 | |
Boombatower Subuser | =6.x-1.5 | |
Boombatower Subuser | =6.x-1.6 | |
Boombatower Subuser | =6.x-1.x-dev | |
Drupal Drupal |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.