Cross site request forgery (csrf)

2012-08-3122:55:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.4%

JSON

Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart.

CPENameOperatorVersion
commerce_reordereq<= 7.x-1.0
commerce_reordereq7.x-1.x dev

CPE	Name	Operator	Version
	commerce_reorder	eq	<= 7.x-1.0
	commerce_reorder	eq	7.x-1.x dev

References

drupalcode.org/project/commerce_reorder.git/commit/bf060ab

secunia.com/advisories/48912

www.openwall.com/lists/oss-security/2012/04/18/11

www.openwall.com/lists/oss-security/2012/04/19/1

drupal.org/node/1538198