Description
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
Remediation
References
Related Vulnerabilities
WordPress Plugin Coupon Creator Cross-Site Request Forgery (3.1)
MediaWiki CVE-2023-45362 Vulnerability (CVE-2023-45362)
Serendipity Remote Code Execution (CVE-2020-10964)
WordPress Plugin WP Login Security and History Cross-Site Request Forgery (1.0)
WordPress Plugin WPGlobus-Multilingual Everything! Multiple Vulnerabilities (1.9.6)