exploitDog

CVE-2008-0571

Опубликовано: 05 фев. 2008

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points.

Ссылки

http://drupal.org/node/216023
Patch
http://secunia.com/advisories/28730
Vendor Advisory
http://www.vupen.com/english/advisories/2008/0375/references
http://drupal.org/node/216023
Patch
http://secunia.com/advisories/28730
Vendor Advisory
http://www.vupen.com/english/advisories/2008/0375/references

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:drupal:userpoints_module:4.7:*:*:*:*:*:*:*

cpe:2.3:a:drupal:userpoints_module:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00129

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-fr96-6wx7-355w

github

почти 4 года назад

The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points.

EPSS

Процентиль: 33%

0.00129

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-352