CVE-2015-4362

Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
tracking_code_projecttracking_code
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cgit.drupalcode.org/tracking_code/commit/?id=77c8c3d
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/72958
https://www.drupal.org/node/2445961
https://www.drupal.org/node/2450135
https://www.drupal.org/node/2453079
http://cgit.drupalcode.org/tracking_code/commit/?id=77c8c3d
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/72958
https://www.drupal.org/node/2445961
https://www.drupal.org/node/2450135
https://www.drupal.org/node/2453079