Cross-site request forgery (CSRF) vulnerability in the Password Policy module prior to 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote malicious users to hijack the authentication of administrative users for requests that unblock a user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
erikwebb password_policy 6.x-1.3 |
||
erikwebb password_policy 6.x-1.2 |
||
erikwebb password_policy 6.x-1.0 |
||
erikwebb password_policy 7.x-1.0 |
||
erikwebb password_policy 6.x-1.1 |