ID CVE-2006-5476
Summary Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:drupal:drupal:4.7.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20061019 [DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue
confirm http://drupal.org/node/88828
openpkg OpenPKG-SA-2006.025-drupal
secunia 22486
sreason 1765
vupen ADV-2006-4120
xf drupal-unspecified-csrf(29679)
Last major update 17-10-2018 - 21:43
Published 24-10-2006 - 20:07
Last modified 17-10-2018 - 21:43
Back to Top