Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
References
Link | Resource |
---|---|
http://drupal.org/node/198164 | Patch |
http://osvdb.org/43671 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-12-12 01:46
Updated : 2024-02-04 17:13
NVD link : CVE-2007-6320
Mitre link : CVE-2007-6320
CVE.ORG link : CVE-2007-6320
JSON object : View
Products Affected
drupal
- feature_module
CWE
CWE-352
Cross-Site Request Forgery (CSRF)