Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.
Remediation
References
Related Vulnerabilities
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3436)
Oracle Database Server CVE-2015-2585 Vulnerability (CVE-2015-2585)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1999046)
WordPress Plugin Live Scores for SportsPress Multiple Vulnerabilities (1.9.0)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2402)