CVE-2008-3221

Drupal 6.x <6.3 - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities.

References (8)

[Patch, Vendor Advisory] http://drupal.org/node/280571

[Third Party Advisory] http://secunia.com/advisories/31079

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2008/07/10/3

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30168

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=454849

[Third Party Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html

[Third Party Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html

[Third Party Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html

Scores

EPSS 0.0042

EPSS Percentile 61.7%

Classification

CWE

CWE-352

Status draft

Affected Products (3)

drupal/drupal < 6.3

fedoraproject/fedora

Timeline

Published Jul 18, 2008

Tracked Since Feb 18, 2026