QwikSec

Security Database

CVE

CWE

Training

CVE-2012-1057

Published: Feb 14, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3

x_refsource_CONFIRM

drupal-forward-unspecified-csrf(72922)

vdb-entry

x_refsource_XF

http://drupal.org/node/1425150

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://drupal.org/node/1423722

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.