CVE-2010-4519

Views module for Drupal 5.x < 5.x-1.8 and 6.x < 6.x-2.11 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/829840
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/12/16/7
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/12/22/1

Scores

EPSS 0.0062
EPSS Percentile 45.3%

Details

CWE
CWE-352
Status published
Products (24)
earl_miles/views 5.x-1.0
earl_miles/views 5.x-1.1 beta
earl_miles/views 5.x-1.2 beta1
earl_miles/views 5.x-1.3 beta1
earl_miles/views 5.x-1.4 rc1
earl_miles/views 5.x-1.4-2 rc1
earl_miles/views 5.x-1.5
earl_miles/views 5.x-1.6 (6 CPE variants)
earl_miles/views 5.x-1.7
earl_miles/views 5.x-1.x dev
... and 14 more
Published Dec 23, 2010
Tracked Since Feb 18, 2026