Published: 15/01/2008 Updated: 08/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x prior to 4.7.11 and 5.x prior to 5.6 allows remote malicious users to delete items from a feed as privileged users.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 4.5
drupal drupal 4.5.1
drupal drupal 4.5.8
drupal drupal 4.6
drupal drupal 4.6.5
drupal drupal 4.6.6
drupal drupal 4.7.3
drupal drupal 4.7.4
drupal drupal 4.7_rev_1.2
drupal drupal 5.0
drupal drupal 4.2.0_rc
drupal drupal 4.4
drupal drupal 4.5.4
drupal drupal 4.5.5
drupal drupal 4.6.11
drupal drupal 4.6.2
drupal drupal 4.6.9
drupal drupal 4.7
drupal drupal 4.4.1
drupal drupal 4.4.2
drupal drupal 4.4.3
drupal drupal 4.5.6
drupal drupal 4.5.7
drupal drupal 4.6.3
drupal drupal 4.6.4
drupal drupal 4.7.10
drupal drupal 4.7.2
drupal drupal 4.7.9
drupal drupal 4.7_rev_1.15
drupal drupal 5.4
drupal drupal 5.5.
drupal drupal 4.7.1
drupal drupal 4.7.7
drupal drupal 4.7.8
drupal drupal 5.2
drupal drupal 5.3
drupal drupal 4.0.0
drupal drupal 4.1.0
drupal drupal 4.5.2
drupal drupal 4.5.3
drupal drupal 4.6.1
drupal drupal 4.6.10
drupal drupal 4.6.7
drupal drupal 4.6.8
drupal drupal 4.7.5
drupal drupal 4.7.6
drupal drupal 5.1
drupal drupal 5.1_rev1.1

CWE-352 http://drupal.org/node/208562 http://www.securityfocus.com/bid/27238 http://secunia.com/advisories/28422 http://www.vupen.com/english/advisories/2008/0134 http://www.vbdrupal.org/forum/showthread.php?p=6878 http://www.vbdrupal.org/forum/showthread.php?t=1349 http://secunia.com/advisories/28486 http://www.vupen.com/english/advisories/2008/0127 https://exchange.xforce.ibmcloud.com/vulnerabilities/39617 https://nvd.nist.gov

CVE-2008-0272

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect