Description

The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors.

Remediation

References

CVE-2013-6385

Related Vulnerabilities

WordPress Plugin RoyalSlider Cross-Site Scripting (3.2.6)

Oracle Application Server CVE-2006-3712 Vulnerability (CVE-2006-3712)

PHP Out-of-bounds Read Vulnerability (CVE-2017-9224)

MediaWiki Other Vulnerability (CVE-2005-1888)

MySQL CVE-2020-2853 Vulnerability (CVE-2020-2853)

Severity

Medium

Classification

CVE-2013-6385 CWE-94

Tags

Missing Update Known Vulnerabilities