CVE-2006-5476
Drupal 4.6.x-4.6.9 and 4.7.x-4.7.3 - Cross-Site Request Forgery
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/449199/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1765
Vendor Advisory vendor-advisory
x_refsource_openpkg
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.025-drupal.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29679
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22486
Various Sources x_refsource_confirm
http://drupal.org/node/88828
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4120
Scores
EPSS
0.0120
EPSS Percentile
79.2%
Details
Status
published
Products (14)
drupal/drupal
4.6.0
drupal/drupal
4.6.1
drupal/drupal
4.6.2
drupal/drupal
4.6.3
drupal/drupal
4.6.4
drupal/drupal
4.6.5
drupal/drupal
4.6.6
drupal/drupal
4.6.7
drupal/drupal
4.6.8
drupal/drupal
4.6.9
... and 4 more
Published
Oct 24, 2006
Tracked Since
Feb 18, 2026