Description
Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/52786
Various Sources x_refsource_confirm
http://drupal.org/node/405672
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49310
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/406314
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34168
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34378
Scores
EPSS
0.0033
EPSS Percentile
56.0%
Details
CWE
CWE-352
Status
published
Products (10)
drupal/plus1
6.x-1.0
drupal/plus1
6.x-1.1
drupal/plus1
6.x-1.2
drupal/plus1
6.x-1.3
drupal/plus1
6.x-2.0 (5 CPE variants)
drupal/plus1
6.x-2.1
drupal/plus1
6.x-2.2
drupal/plus1
6.x-2.3
drupal/plus1
6.x-2.4
drupal/plus1
< 6.x-2.5
Published
Mar 20, 2009
Tracked Since
Feb 18, 2026