CVE-2015-4362

EUVD-2015-4385
Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
tracking_code_projecttracking_code
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cgit.drupalcode.org/tracking_code/commit/?id=77c8c3d
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/72958
https://www.drupal.org/node/2445961
https://www.drupal.org/node/2450135
https://www.drupal.org/node/2453079
http://cgit.drupalcode.org/tracking_code/commit/?id=77c8c3d
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/72958
https://www.drupal.org/node/2445961
https://www.drupal.org/node/2450135
https://www.drupal.org/node/2453079