Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.

Remediation

References

CVE-2015-7366

Related Vulnerabilities

WordPress Plugin Donation with Goals and Paypal IPN by NonprofitCMS.org 'exporttocsv.php' SQL Injection (1.0)

WordPress Plugin SVG Support Cross-Site Scripting (2.5.1)

WordPress Plugin Photo Gallery by Supsystic Multiple Vulnerabilities (1.8.5)

Drupal CVE-2009-3352 Vulnerability (CVE-2009-3352)

Oracle Database Server CVE-2009-1021 Vulnerability (CVE-2009-1021)

Severity

Medium

Classification

CVE-2015-7366 CWE-352

Tags

Missing Update Known Vulnerabilities