Description
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Realia Cross-Site Scripting (0.9.1)
PHP-Fusion Improper Privilege Management Vulnerability (CVE-2020-24949)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1599)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1648)
WordPress Plugin Portfolio by BestWebSoft Cross-Site Scripting (2.39)