The point moderation form in the Userpoints module for Drupal, in versions 4.7.x prior to 4.7.x-2.3, 5.x-2 prior to 5.x-2.16, and 5.x-3 prior to 5.x-3.3, does not follow Drupal's Forms API submission model, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks and manipulate points.
Vulnerable Product |
---|
drupal userpoints module 4.7 |
drupal userpoints module 5.0 |