Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0571

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0571
Last Modified 07 Mar 2011 10:04:56
Published 04 Feb 2008 09:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0571

Summary

The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points.

Vulnerable Systems

Application

  • Drupal Userpoints Module 4.7

  • Drupal Userpoints Module 5.0


References

CONFIRM - http://drupal.org/node/216023

VUPEN - ADV-2008-0375

SECUNIA - 28730


Last Updated: 27 May 2016 10:46:52