Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.
Remediation
References
Related Vulnerabilities
WordPress Plugin Viper's Video Quicktags Unspecified Vulnerability (6.4.4)
Oracle Database Server CVE-2016-0472 Vulnerability (CVE-2016-0472)
WordPress Plugin Contus HD FLV Player 'uploadVideo.php' Arbitrary File Upload (1.7)
WordPress Plugin Appointments Cross-Site Scripting (2.2.2.2)
PHP Resource Management Errors Vulnerability (CVE-2010-3710)