Drupal Taxonomy Manager Module Cross Site Request Forgery Vulnerability
BID:58068
Info
Drupal Taxonomy Manager Module Cross Site Request Forgery Vulnerability
| Bugtraq ID: | 58068 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 20 2013 12:00AM |
| Updated: | Feb 20 2013 12:00AM |
| Credit: | Matthias Hutterer |
| Vulnerable: |
Drupal Taxonomy Manager 6.x-1.1 Drupal Taxonomy Manager 5.x-1.2 |
| Not Vulnerable: | |
Discussion
Drupal Taxonomy Manager Module Cross Site Request Forgery Vulnerability
The Taxonomy Manager module for Drupal is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
The following are affected:
Taxonomy Manager 6.x-2.x versions prior to 6.x-2.2
Taxonomy Manager 7.x-1.x versions prior to 7.x-1.0-rc1
The Taxonomy Manager module for Drupal is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
The following are affected:
Taxonomy Manager 6.x-2.x versions prior to 6.x-2.2
Taxonomy Manager 7.x-1.x versions prior to 7.x-1.0-rc1
Exploit / POC
Drupal Taxonomy Manager Module Cross Site Request Forgery Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim to open a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim to open a malicious URI.
Solution / Fix
Drupal Taxonomy Manager Module Cross Site Request Forgery Vulnerability
Solution:
Updates are available. Please see the reference for more details.
Solution:
Updates are available. Please see the reference for more details.
References
Drupal Taxonomy Manager Module Cross Site Request Forgery Vulnerability
References:
References: