Description

Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.

Remediation

References

CVE-2007-5594

Related Vulnerabilities

qdPM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-45855)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4191)

Oracle HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-0226)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.25)

WebLogic CVE-2023-21838 Vulnerability (CVE-2023-21838)

Severity

Medium

Classification

CVE-2007-5594 CWE-352

Tags

Missing Update Known Vulnerabilities