CVE-2015-1568

medium

Published 2015-02-09 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scroll settings" permission for requests that delete settings via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.drupal.org/node/2415885

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.drupal.org/node/2415219

Application impact

Vendor	Product	Versions	Fixed
studio.gd	gd_infinite_scroll	`{"endIncluding":"7.x-1.3"}`

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/100628
https://www.drupal.org/node/2415219
https://www.drupal.org/node/2415885
https://exchange.xforce.ibmcloud.com/vulnerabilities/100628
https://www.drupal.org/node/2415219
https://www.drupal.org/node/2415885

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.