Описание
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."
Ссылки
- PatchVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0 (включая) до 5.8 (исключая)Версия от 6.0 (включая) до 6.3 (исключая)
Одно из
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00402
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
ubuntu
около 17 лет назад
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."
debian
около 17 лет назад
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5 ...
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."
EPSS
Процентиль: 60%
0.00402
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352