Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | 5.0 |
Related Weaknesses (CWE)
References
- http://drupal.org/node/345441PatchVendor Advisory
- http://secunia.com/advisories/33112Vendor Advisory
- http://secunia.com/advisories/33147
- http://www.osvdb.org/50661
- http://www.vupen.com/english/advisories/2008/3414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47260
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.h
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.h
- http://drupal.org/node/345441PatchVendor Advisory
- http://secunia.com/advisories/33112Vendor Advisory
- http://secunia.com/advisories/33147
- http://www.osvdb.org/50661
- http://www.vupen.com/english/advisories/2008/3414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47260
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.h
FAQ
What is CVE-2008-6532?
CVE-2008-6532 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser vi...
How severe is CVE-2008-6532?
CVE-2008-6532 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6532?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal.