CVE-2009-4517

nanwich faq_ask < 6.x-2.0 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/617444
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37201
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3088

Scores

EPSS 0.0060
EPSS Percentile 44.7%

Details

CWE
CWE-352
Status published
Products (11)
nanwich/faq_ask 5.x-1.0 (5 CPE variants)
nanwich/faq_ask 5.x-1.1
nanwich/faq_ask 5.x-1.2
nanwich/faq_ask 5.x-1.3
nanwich/faq_ask 5.x-1.x dev
nanwich/faq_ask 6.x-1.0 (2 CPE variants)
nanwich/faq_ask 6.x-1.1
nanwich/faq_ask 6.x-1.2
nanwich/faq_ask 6.x-1.x dev
nanwich/faq_ask 6.x-2.0 alpha1
... and 1 more
Published Dec 31, 2009
Tracked Since Feb 18, 2026