Description
Drupal Core is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Drupal Core versions 7.x ranging from 7.0 and up to and including 7.12 are vulnerable.
Remediation
Follow the recommendations suggested in advisories
References
https://groups.drupal.org/files/drupal712_csrf_disclosure.txt
https://www.exploit-db.com/exploits/18564/
https://packetstormsecurity.com/files/110404/Drupal-CMS-7.12-Cross-Site-Request-Forgery.html
https://heine.familiedeelstra.com/packetstorm-advisory-csrf-march-2012
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5651)
WordPress Plugin GD Star Rating 'tpl_section' Parameter Cross-Site Scripting (1.9.16)
WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Unspecified Vulnerability (15.0.0)
WordPress Plugin Default Facebook Thumbnails Multiple Vulnerabilities (0.4)