Drupal Admin:hover Module Cross Site Request Forgery Vulnerabilities
BID:51388
CVE-2012-1631 |Info
Drupal Admin:hover Module Cross Site Request Forgery Vulnerabilities
| Bugtraq ID: | 51388 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2012 12:00AM |
| Updated: | Jan 11 2012 12:00AM |
| Credit: | Ivo Van Geertruyen of the Drupal Security Team |
| Vulnerable: |
Drupal Admin:hover 7.X Drupal Admin:hover 6.X |
| Not Vulnerable: | |
Discussion
Drupal Admin:hover Module Cross Site Request Forgery Vulnerabilities
Admin:hover module for Drupal is prone to multiple cross-site request-forgery vulnerabilities.
Attackers can exploit these issues to perform certain administrative actions and gain unauthorized access to the affected application.
Admin:hover 6.x and 7.x are vulnerable; other versions may also be affected.
Admin:hover module for Drupal is prone to multiple cross-site request-forgery vulnerabilities.
Attackers can exploit these issues to perform certain administrative actions and gain unauthorized access to the affected application.
Admin:hover 6.x and 7.x are vulnerable; other versions may also be affected.
Solution / Fix
Drupal Admin:hover Module Cross Site Request Forgery Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].