CVE-2008-3744

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules.

Link	Resource
http://drupal.org/node/295053	Patch
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html
http://www.securityfocus.com/bid/30689
https://bugzilla.redhat.com/show_bug.cgi?id=459108
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html
http://secunia.com/advisories/31825
http://secunia.com/advisories/31462
http://www.vupen.com/english/advisories/2008/2392
https://exchange.xforce.ibmcloud.com/vulnerabilities/44448

Configuration 1

cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.7:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.6:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.5:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.9:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.8:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*

---

Published : 2008-08-27 03:21

Updated : 2017-08-08 01:32

---

NVD link : CVE-2008-3744

Mitre link : CVE-2008-3744

No products.

CWE-352