CVE-2007-6320

Drupal Module <20071206 - CSRF

Title source: llm

Description

Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.

References (2)

[Patch] http://drupal.org/node/198164

[Third Party Advisory, VDB Entry] http://osvdb.org/43671

Scores

EPSS 0.0018

EPSS Percentile 39.6%

Classification

CWE

CWE-352

Status draft

Affected Products (2)

drupal/feature_module

Timeline

Published Dec 12, 2007

Tracked Since Feb 18, 2026