- Description
- Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-352
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:feature_module:4.7.x_dev:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7B557D8-468F-4B41-98BF-451DD38F4C12"
},
{
"criteria": "cpe:2.3:a:drupal:feature_module:5.x_dev:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DDAAE54-40FA-4C7E-8878-131E10F87AE7"
}
],
"operator": "OR"
}
]
}
]