Description
Drupal Core is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Drupal Core versions 7.x ranging from 7.0 and up to and including 7.12 are vulnerable.
Remediation
Follow the recommendations suggested in advisories
References
https://groups.drupal.org/files/drupal712_csrf_disclosure.txt
https://www.exploit-db.com/exploits/18564/
https://packetstormsecurity.com/files/110404/Drupal-CMS-7.12-Cross-Site-Request-Forgery.html
https://heine.familiedeelstra.com/packetstorm-advisory-csrf-march-2012
Related Vulnerabilities
WordPress Plugin Uploadify Integration Multiple Cross-Site Scripting Vulnerabilities (0.9.6)
Apache Tomcat Incomplete Cleanup Vulnerability (CVE-2023-42795)
WordPress Plugin Better Search Cross-Site Request Forgery (2.5.2)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5866)