Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action.
References
Link | Resource |
---|---|
http://drupal.org/node/1815770 | Patch Vendor Advisory |
http://drupal.org/node/1815124 | Patch |
http://www.openwall.com/lists/oss-security/2012/11/20/4 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2012-12-03 13:55
Updated : 2012-12-03 21:00
NVD link : CVE-2012-5547
Mitre link : CVE-2012-5547
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
drupal
- drupal
thomas_seidl
- search_api