Description
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-3080 Vulnerability (CVE-2018-3080)
WordPress Plugin Xorbin Digital Flash Clock Cross-Site Scripting (1.0)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33324)
WordPress Plugin Loco Translate Unspecified Vulnerability (2.5.4)
WordPress Plugin Seriously Simple Podcasting Cross-Site Request Forgery (2.16.0)