CVE-2015-7366

Revive Adserver < 3.2.1 - Cross-Site Request Forgery via Crafted POST Request

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536633/100/0/threaded
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Oct/32

Scores

EPSS 0.0111
EPSS Percentile 62.1%

Details

CWE
CWE-352
Status published
Products (1)
revive-adserver/revive_adserver < 3.2.1
Published Oct 14, 2015
Tracked Since Feb 18, 2026