Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/30168 | vdb entry third party advisory |
| http://drupal.org/node/280571 | patch vendor advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=454849 | issue tracking third party advisory patch |
| https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html | third party advisory vendor advisory |
| http://secunia.com/advisories/31079 | third party advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43702 | vdb entry third party advisory |
| https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html | third party advisory vendor advisory |
| http://www.openwall.com/lists/oss-security/2008/07/10/3 | third party advisory mailing list |
| https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html | third party advisory vendor advisory |