Description
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include CSRF protection. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Remediation
References