Description
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors.
Remediation
References