Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sean Robertson | Forward | 6.x-1.0 |
| Drupal | Drupal | All versions |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1423722Patch
- http://drupal.org/node/1425150PatchVendor Advisory
- http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10
- http://osvdb.org/78817
- http://secunia.com/advisories/47851Vendor Advisory
- http://www.securityfocus.com/bid/51826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72922
- http://drupal.org/node/1423722Patch
- http://drupal.org/node/1425150PatchVendor Advisory
- http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10
- http://osvdb.org/78817
- http://secunia.com/advisories/47851Vendor Advisory
- http://www.securityfocus.com/bid/51826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72922
FAQ
What is CVE-2012-1057?
CVE-2012-1057 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers t...
How severe is CVE-2012-1057?
CVE-2012-1057 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1057?
Check the references section above for vendor advisories and patch information. Affected products include: Sean Robertson Forward, Drupal Drupal.