Описание
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
Ссылки
- PatchVendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- PatchVendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0 (включая) до 5.3 (исключая)
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00507
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
ubuntu
больше 18 лет назад
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
debian
больше 18 лет назад
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection a ...
github
почти 4 года назад
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
EPSS
Процентиль: 66%
0.00507
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352