CVE-2007-5594 - CVE Reference - Advisories

CVE Reference: CVE-2007-5594

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5594

Description: Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/37268 SAID Secunia Advisory: SA27290 Secunia Advisory: SA27352 FEDORA CONFIRM http://drupal.org/node/184348 BID 26119

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	phpJobScheduler "installed_conf ig_file" File Inclusion Vulnerabilities

2.	Sun Solaris Kernel Covert Channel Security Bypass

3.	Subdreamer Light Global Variables SQL Injection Vulnerability

4.	Novell eDirectory Multiple Vulnerabilities

5.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

6.	dotProject SQL Injection and Cross-Site Scripting

7.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

8.	Adium MSN SLP Message Integer Overflow Vulnerabilities

9.	Acoustica Mixcraft ".mx4" File Processing Buffer Overflow

10.	phpMyRealty "price_max" SQL Injection Vulnerability