MidnightBSD

Advisories for user_import_project

CVE-2015-4390 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) continue or (2) delete an ongoing import via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
user_import_project user_import 6.x-4.1
user_import_project user_import 6.x-4.3
user_import_project user_import 6.x-4.2
user_import_project user_import 6.x-4.0
user_import_project user_import 6.x-4.x