Drupal 5.x prior to 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote malicious users to delete users via a cross-site request forgery (CSRF) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal |
||
fedoraproject fedora 7 |