Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.
Remediation
References