Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 prior to 5.x-1.2 and 6 prior to 6.x-1.1 for Drupal allow remote malicious users to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal |
||
paul_beaney phplist 5.x-1.x |
||
paul_beaney phplist 6.x-1.x |
||
paul_beaney phplist 6.x-1.0 |
||
paul_beaney phplist 5.x-1.0 |
||
paul_beaney phplist 5.x-1.1 |