Description
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Fileviewer Cross-Site Request Forgery (2.2)
WordPress Plugin Really Easy Slider TimThumb Arbitrary File Upload (0.1)
WordPress Plugin Calendar Event Multi View Multiple Vulnerabilities (1.1.4)
WordPress Plugin Spiffy Calendar Cross-Site Scripting (3.2.0)
WordPress Plugin Chamber Dashboard Business Directory Cross-Site Scripting (3.2.8)