CVE-2009-4066

Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
drupaldrupal
*
paul_beaneyphplist
5.x-1.0:x
paul_beaneyphplist
5.x-1.1:x
paul_beaneyphplist
5.x-1.x:x
paul_beaneyphplist
6.x-1.0:x
paul_beaneyphplist
6.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/636398
http://drupal.org/node/636400
http://drupal.org/node/636412
http://osvdb.org/60283
http://secunia.com/advisories/37434
http://www.securityfocus.com/bid/37054
https://exchange.xforce.ibmcloud.com/vulnerabilities/54336
http://drupal.org/node/636398
http://drupal.org/node/636400
http://drupal.org/node/636412
http://osvdb.org/60283
http://secunia.com/advisories/37434
http://www.securityfocus.com/bid/37054
https://exchange.xforce.ibmcloud.com/vulnerabilities/54336