CVE-2015-4361

Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
registration_codes_projectregistration_codes
𝑥
≤ 6.x-1.x-dev
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/72961
https://www.drupal.org/node/2445955
https://www.drupal.org/node/2446157
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/72961
https://www.drupal.org/node/2445955
https://www.drupal.org/node/2446157