1 results (0.003 seconds)
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3922
https://notcve.org/view.php?id=CVE-2009-3922
09 Nov 2009 — Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo User Protect v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.3, módul... • http://drupal.org/node/623162 • CWE-352: Cross-Site Request Forgery (CSRF) •