Vendor: Drupal CMS
By: Ivano Binetti
CVSS: 6,8 (MEDIUM)
Multiple Vulnerabilities
CWE: 352, 643, 644, 645
Product Name: Drupal CMS
Affected Version From: 7.12
Affected Version To: 7.12
Patch Exists: YES
Related CWE: N/A
CPE: drupal:drupal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Debian Squeeze (6.0)
2012

Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities

Drupal 7.12 (latest stable release) suffers from multiple vulnerabilities which could allow an attacker to gain administrative access to the CMS. The first vulnerability is a CSRF which could allow an attacker to change any Drupal settings. The second vulnerability is a CSRF which could allow an attacker to force administrator logout. The third vulnerability involves the POST and GET methods and could allow an attacker to gain administrative access to the CMS. The fourth vulnerability involves the HTTP Referer header and could allow an attacker to gain administrative access to the CMS. The exploit covers the POST and GET method issue, which could allow an attacker to gain administrative access to the CMS, and the CSRF which could allow an attacker to force administrator logout.

Mitigation:

Ensure that all user input is validated and sanitized before being used in any application logic.

Exploit-DB raw data: