CVE-2008-6532
N/A
N/A
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.html
- http://www.vupen.com/english/advisories/2008/3414
- http://secunia.com/advisories/33147
- http://secunia.com/advisories/33112
- http://drupal.org/node/345441
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.html
- http://www.osvdb.org/50661
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47260
References
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.html
- http://www.vupen.com/english/advisories/2008/3414
- http://secunia.com/advisories/33147
- http://secunia.com/advisories/33112
- http://drupal.org/node/345441
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.html
- http://www.osvdb.org/50661
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47260
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.