CVE-2015-4396 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the \kwresearch admin site keywords\ permission for requests that (1) create (2) delete or (3) set priorities to keywords via unspecified vectors.

Reference

http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/74361 https://www.drupal.org/node/2475591 https://www.drupal.org/node/2475953