Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x prior to 5.2 allow remote malicious users to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 5.1_rev1.1 |
||
drupal drupal 5.0 |
||
drupal drupal 5.1 |