Cross-Site Request Forgery (CSRF) Vulnerabilities in Revive Adserver before 3.2.2

Cross-Site Request Forgery (CSRF) Vulnerabilities in Revive Adserver before 3.2.2

CVE-2015-7366 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.

Learn more about our Cis Benchmark Audit For Server Software.