CVE-2008-6169

Drupal Localization Client < 5.x-1.0 and 6.x < 6.x-1.6 - Cross-Site Request Forgery

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface."

References (3)

Core 3

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32388

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46044

Patch, Vendor Advisory x_refsource_confirm

http://drupal.org/node/324862

Scores

EPSS 0.0021

EPSS Percentile 42.5%

Details

CWE

CWE-352

Status published

Products (14)

drupal/localization_client 5.x-1.xdev

drupal/localization_client 6.x-1.0

drupal/localization_client 6.x-1.1

drupal/localization_client 6.x-1.2

drupal/localization_client 6.x-1.3

drupal/localization_client 6.x-1.4

drupal/localization_client 6.x-1.xdev

drupal/localization_client < 5.x-1.0

drupal/localization_server 5.x-1.0alpha1

drupal/localization_server 5.x-1.0alpha2

... and 4 more

Published Feb 19, 2009

Tracked Since Feb 18, 2026