Description
Drupal Core is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Drupal Core versions 7.x ranging from 7.0 and up to and including 7.12 are vulnerable.
Remediation
Follow the recommendations suggested in advisories
References
https://groups.drupal.org/files/drupal712_csrf_disclosure.txt
https://www.exploit-db.com/exploits/18564/
https://packetstormsecurity.com/files/110404/Drupal-CMS-7.12-Cross-Site-Request-Forgery.html
https://heine.familiedeelstra.com/packetstorm-advisory-csrf-march-2012
Related Vulnerabilities
e107 Other Vulnerability (CVE-2005-2327)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-0335)
WordPress Improper Input Validation Vulnerability (CVE-2008-5695)
WordPress Plugin Fonts-Google Fonts Typography Cross-Site Scripting (3.0.2)
Chamilo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32925)