Description
Drupal Core is prone to multiple vulnerabilities, including cross-site request forgery and security bypass vulnerabilities. Exploiting these issues could allow an attacker to perform certain administrative actions and gain unauthorized access to the affected application or to perform otherwise restricted actions and subsequently modify users' information or download files. Drupal Core versions 7.x ranging from 7.0 and up to and including 7.10 are vulnerable.
Remediation
Update to Drupal Core version 7.11 or latest
References
Related Vulnerabilities
WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Security Bypass (9.3.2)
WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.4)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1099)
Oracle JRE CVE-2013-5810 Vulnerability (CVE-2013-5810)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-3638)