CVE-2010-4519
Views module for Drupal 5.x < 5.x-1.8 and 6.x < 6.x-2.11 - Cross-Site Request Forgery
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/829840
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/12/16/7
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/12/22/1
Scores
EPSS
0.0062
EPSS Percentile
45.3%
Details
CWE
CWE-352
Status
published
Products (24)
earl_miles/views
5.x-1.0
earl_miles/views
5.x-1.1 beta
earl_miles/views
5.x-1.2 beta1
earl_miles/views
5.x-1.3 beta1
earl_miles/views
5.x-1.4 rc1
earl_miles/views
5.x-1.4-2 rc1
earl_miles/views
5.x-1.5
earl_miles/views
5.x-1.6 (6 CPE variants)
earl_miles/views
5.x-1.7
earl_miles/views
5.x-1.x dev
... and 14 more
Published
Dec 23, 2010
Tracked Since
Feb 18, 2026