Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.

Remediation

References

CVE-2008-6532

Related Vulnerabilities

WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3)

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2094)

Apache Tomcat Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-5648)

WordPress Plugin Quiz And Survey Master-Best Quiz, Exam and Survey for WordPress Multiple Vulnerabilities (8.0.4)

Highcharts JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29489)

Severity

Medium

Classification

CVE-2008-6532 CWE-352

Tags

Missing Update Known Vulnerabilities