Description
Drupal Core is prone to multiple vulnerabilities, including cross-site request forgery and security bypass vulnerabilities. Exploiting these issues could allow an attacker to perform certain administrative actions and gain unauthorized access to the affected application or to perform otherwise restricted actions and subsequently modify users' information or download files. Drupal Core versions 7.x ranging from 7.0 and up to and including 7.10 are vulnerable.
Remediation
Update to Drupal Core version 7.11 or latest
References
Related Vulnerabilities
WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5)
WordPress Plugin IP Logger Arbitrary File Upload (3.1)
WordPress Plugin N-Media Website Contact Form with File Upload Arbitrary File Upload (2.1)
WordPress Plugin Ultimate Member-User Profile & Membership Cross-Site Scripting (2.0.10)
WordPress Plugin Lazyest Gallery 'image' Parameter Cross-Site Scripting (1.0.28)