Spider Contacts Project : Security vulnerabilities, CVEs

Copy

CVE-2015-4349

Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors.

Max CVSS

5.8

EPSS Score

0.17%

Published

2015-06-15

Updated

2015-06-30

CVE-2015-4348

SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors.

Max CVSS

6.0

EPSS Score

0.12%

Published

2015-06-15

Updated

2015-06-30

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!