Description
Drupal Core is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Drupal Core versions 7.x ranging from 7.0 and up to and including 7.12 are vulnerable.
Remediation
Follow the recommendations suggested in advisories
References
https://groups.drupal.org/files/drupal712_csrf_disclosure.txt
https://www.exploit-db.com/exploits/18564/
https://packetstormsecurity.com/files/110404/Drupal-CMS-7.12-Cross-Site-Request-Forgery.html
https://heine.familiedeelstra.com/packetstorm-advisory-csrf-march-2012
Related Vulnerabilities
WordPress Plugin Simple Slide Show TimThumb Arbitrary File Upload (1.0)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4522)
WordPress Plugin JetWidgets for Elementor and WooCommerce Local File Inclusion (1.1.7)
Oracle Database Server CVE-2009-1965 Vulnerability (CVE-2009-1965)