This page aggregates publicly disclosed CVE and security risk information related to boombatower, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2012-4487 | The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created. | [email protected] | 4.0 | 0.17% | 2012-11-02 | 2026-04-29 |
| CVE-2012-4486 | Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors. | [email protected] | 6.8 | 0.14% | 2012-11-02 | 2026-04-29 |