Description
Drupal Core is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Drupal Core versions 7.x ranging from 7.0 and up to and including 7.12 are vulnerable.
Remediation
Follow the recommendations suggested in advisories
References
https://groups.drupal.org/files/drupal712_csrf_disclosure.txt
https://www.exploit-db.com/exploits/18564/
https://packetstormsecurity.com/files/110404/Drupal-CMS-7.12-Cross-Site-Request-Forgery.html
https://heine.familiedeelstra.com/packetstorm-advisory-csrf-march-2012
Related Vulnerabilities
WordPress Plugin I Recommend This SQL Injection (3.7.7)
WordPress Plugin Slimstat Analytics Cross-Site Scripting (3.9.1)
WordPress Plugin Top Quark Architecture 'script.php' Arbitrary File Upload (2.1.0)
WordPress Plugin Leaky Paywall Cross-Site Scripting (4.16.5)
WordPress Plugin Sliced Invoices-WordPress Invoice Multiple Vulnerabilities (3.8.2)