CVE-2012-0826

Drupal 6.x < 6.23 and 7.x < 7.11 - Cross-Site Request Forgery in Aggregator Module

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.

References (2)

Core References
Vendor Advisory x_refsource_confirm
https://drupal.org/node/1425084
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2776

Scores

EPSS 0.0015
EPSS Percentile 34.6%

Details

CWE
CWE-352
Status published
Products (26)
drupal/drupal 6.0 (10 CPE variants)
drupal/drupal 6.1
drupal/drupal 6.2
drupal/drupal 6.3
drupal/drupal 6.4
drupal/drupal 6.5
drupal/drupal 6.6
drupal/drupal 6.7
drupal/drupal 6.8
drupal/drupal 6.9
... and 16 more
Published Oct 28, 2013
Tracked Since Feb 18, 2026