Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Database Administration Module | 4.6 |
References
- http://drupal.org/node/135549PatchVendor Advisory
- http://osvdb.org/34962
- http://secunia.com/advisories/24848PatchVendor Advisory
- http://www.vupen.com/english/advisories/2007/1360
- http://drupal.org/node/135549PatchVendor Advisory
- http://osvdb.org/34962
- http://secunia.com/advisories/24848PatchVendor Advisory
- http://www.vupen.com/english/advisories/2007/1360
FAQ
What is CVE-2007-2160?
CVE-2007-2160 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perfo...
How severe is CVE-2007-2160?
CVE-2007-2160 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2160?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Database Administration Module.