Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.

Remediation

References

CVE-2008-6532

Related Vulnerabilities

WordPress Plugin Print, PDF, Email by PrintFriendly Multiple Unspecified Vulnerabilities (3.5.2)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0309)

WordPress Plugin Tapfiliate Cross-Site Scripting (3.0.12)

Oracle Database Server CVE-2011-0831 Vulnerability (CVE-2011-0831)

WordPress Plugin Popup box SQL Injection (2.3.3)

Severity

Medium

Classification

CVE-2008-6532 CWE-352

Tags

Missing Update Known Vulnerabilities