Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5594

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5594
Last Modified 05 Sep 2008 05:31:10
Published 19 Oct 2007 07:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5594

Summary

Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.

Vulnerable Systems

Application

  • Drupal 5.2


References

CONFIRM - http://drupal.org/node/184348

SECUNIA - 27290

FEDORA - FEDORA-2007-2649

XF - drupal-http-request-csrf(37268)

BID - 26119

SECUNIA - 27352


Last Updated: 27 May 2016 10:46:13