{"api_version":"1","generated_at":"2026-05-13T15:56:23+00:00","cve":"CVE-2015-4350","urls":{"html":"https://cve.report/CVE-2015-4350","api":"https://cve.report/api/cve/CVE-2015-4350.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-4350","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-4350"},"summary":{"title":"CVE-2015-4350","description":"Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.","state":"PUBLISHED","assigner":"mitre","published_at":"2015-06-15 14:59:05","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-352","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2015/04/25/6","name":"http://www.openwall.com/lists/oss-security/2015/04/25/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"oss-security - CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034\n to SA-CONTRIB-2015-099)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.drupal.org/node/2437977","name":"https://www.drupal.org/node/2437977","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"SA-CONTRIB-2015-058 - Spider Catalog - Cross Site Request Forgery (CSRF) - Unsupported | Drupal.org","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/72798","name":"http://www.securityfocus.com/bid/72798","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Drupal Spider Catalog Module Cross Site Request Forgery Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-4350","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4350","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"4350","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"web-dorado","cpe5":"spider_catalog","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T06:11:12.939Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"72798","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/72798"},{"name":"[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2015/04/25/6"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.drupal.org/node/2437977"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-02-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-06-03T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"72798","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/72798"},{"name":"[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2015/04/25/6"},{"tags":["x_refsource_MISC"],"url":"https://www.drupal.org/node/2437977"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-4350","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"72798","refsource":"BID","url":"http://www.securityfocus.com/bid/72798"},{"name":"[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2015/04/25/6"},{"name":"https://www.drupal.org/node/2437977","refsource":"MISC","url":"https://www.drupal.org/node/2437977"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2015-4350","datePublished":"2015-06-15T14:00:00.000Z","dateReserved":"2015-06-05T00:00:00.000Z","dateUpdated":"2024-08-06T06:11:12.939Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-06-15 14:59:05","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-352","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:web-dorado:spider_catalog:*:*:*:*:*:drupal:*:*","matchCriteriaId":"3B1F0BA3-6D2A-4B82-AF99-5A74BC5F05B5"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"4350","Ordinal":"1","Title":"CVE-2015-4350","CVE":"CVE-2015-4350","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"4350","Ordinal":"1","NoteData":"Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.","Type":"Description","Title":"CVE-2015-4350"},{"CveYear":"2015","CveId":"4350","Ordinal":"2","NoteData":"2015-06-15","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"4350","Ordinal":"3","NoteData":"2016-06-03","Type":"Other","Title":"Modified"}]}}}