Description
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Myftp SQL Injection (2.0)
WordPress Plugin Analytics-Gtag Restricted File Upload (1.8.1)
PHP Deserialization of Untrusted Data Vulnerability (CVE-2007-1701)
WordPress Plugin ThinkIT WP Contact Form Multiple Vulnerabilities (0.2)
WordPress Plugin WP SVG Icons Multiple Unspecified Vulnerabilities (3.1.8.1)