Описание
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
Ссылки
- PatchVendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- PatchVendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0 (включая) до 5.3 (исключая)
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00475
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
ubuntu
около 18 лет назад
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
debian
около 18 лет назад
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection a ...
github
больше 3 лет назад
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
EPSS
Процентиль: 64%
0.00475
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352