Description
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include cross-site request forgery (CSRF) protection. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Remediation
References