Drupal : Security Vulnerabilities, CVEs, Published In 2007 (CSRF) CVSS score >= 3

CVE-2007-6320

Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
Max CVSS
4.3
EPSS Score
0.08%
Published
2007-12-12
Updated
2008-11-15

CVE-2007-5594

Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
Max CVSS
4.3
EPSS Score
0.22%
Published
2007-10-19
Updated
2021-04-19

CVE-2007-4063

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API.
Max CVSS
4.3
EPSS Score
0.96%
Published
2007-07-30
Updated
2017-07-29

CVE-2007-2160

Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476.
Max CVSS
7.5
EPSS Score
1.04%
Published
2007-04-22
Updated
2011-03-08
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close