CVE-2008-3220
Drupal 5.x < 5.8 and 6.x < 6.3 - Cross-Site Request Forgery via Translated Strings Deletion
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30168
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/280571
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=454849
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31079
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43702
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/07/10/3
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
Scores
EPSS
0.0040
EPSS Percentile
61.0%
Details
CWE
CWE-352
Status
published
Products (3)
drupal/drupal
5.0 - 5.8
fedoraproject/fedora
8
fedoraproject/fedora
9
Published
Jul 18, 2008
Tracked Since
Feb 18, 2026