Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gravity Forms Information Disclosure (2.4.8)
MySQL CVE-2017-3638 Vulnerability (CVE-2017-3638)
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-23502)
Oracle Database Server CVE-2014-4300 Vulnerability (CVE-2014-4300)
WordPress Plugin Display Widgets Spam Links Injection (2.6.3.1)