CVE-2008-6532

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.

Link	Resource
http://www.osvdb.org/50661
http://secunia.com/advisories/33112	Vendor Advisory
http://drupal.org/node/345441	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2008/3414
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.html
http://secunia.com/advisories/33147
https://exchange.xforce.ibmcloud.com/vulnerabilities/47260

Configuration 1

cpe:2.3:a:drupal:drupal:5.10:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.12:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.7:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.6:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.5:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.9:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.8:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:* cpe:2.3:a:drupal:drupal:5.11:*:*:*:*:*:*:*

---

Published : 2009-03-26 09:00

Updated : 2017-08-17 01:29

---

NVD link : CVE-2008-6532

Mitre link : CVE-2008-6532

No products.

CWE-352