Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
References
Link | Resource |
---|---|
http://drupal.org/node/198164 | Patch |
http://osvdb.org/43671 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-12-11 17:46
Updated : 2008-11-14 23:04
NVD link : CVE-2007-6320
Mitre link : CVE-2007-6320
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
drupal
- feature_module