CVE-2009-1576

Published: May 6, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

FEDORA-2009-4175 (vendor-advisory, x_refsource_FEDORA)
54153 (vdb-entry, x_refsource_OSVDB)
ADV-2009-1216 (vdb-entry, x_refsource_VUPEN)
34980 (third-party-advisory, x_refsource_SECUNIA)
FEDORA-2009-4203 (vendor-advisory, x_refsource_FEDORA)
34950 (third-party-advisory, x_refsource_SECUNIA)
34948 (third-party-advisory, x_refsource_SECUNIA)
DSA-1792 (vendor-advisory, x_refsource_DEBIAN)
