Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x prior to 6.x-4.4 and 7.x-2.x prior to 7.x-2.3 for Drupal allow remote malicious users to hijack the authentication of administrators for requests that (1) continue or (2) delete an ongoing import via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
user import project user import 6.x-4.x |
||
user import project user import 6.x-4.1 |
||
user import project user import 6.x-4.0 |
||
user import project user import 6.x-4.3 |
||
user import project user import 6.x-4.2 |