Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) continue or (2) delete an ongoing import via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| user_import_project | user_import | 6.x-4.1 |
| user_import_project | user_import | 6.x-4.3 |
| user_import_project | user_import | 6.x-4.2 |
| user_import_project | user_import | 6.x-4.0 |
| user_import_project | user_import | 6.x-4.x |