Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules.

Remediation

References

CVE-2008-3744

Related Vulnerabilities

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6635)

Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-29200)

TYPO3 Improper Input Validation Vulnerability (CVE-2009-0258)

WordPress Plugin WP OAuth Server (OAuth Authentication) Cross-Site Scripting (4.2.1)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29046)

Severity

Medium

Classification

CVE-2008-3744 CWE-352

Tags

Missing Update Known Vulnerabilities