Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules.

Remediation

References

CVE-2008-3744

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5337)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-31800)

MySQL CVE-2014-4274 Vulnerability (CVE-2014-4274)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5776)

WordPress Plugin WordPress Button Plugin MaxButtons Security Bypass (1.19.0)

Severity

Medium

Classification

CVE-2008-3744 CWE-352

Tags

Missing Update Known Vulnerabilities