Skip to main content

Subuser

2 CVEs product

Monthly

CVE-2012-4487 MEDIUM PATCH This Month

The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Subuser
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-4486 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Subuser
NVD
CVSS 2.0
6.8
EPSS
0.1%
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Subuser
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Subuser
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy