6.8

CVE-2010-4519

Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Earl MilesViews Version5.x-1.0
   DrupalDrupal
Earl MilesViews Version5.x-1.1 Updatebeta
   DrupalDrupal
Earl MilesViews Version5.x-1.2 Updatebeta1
   DrupalDrupal
Earl MilesViews Version5.x-1.3 Updatebeta1
   DrupalDrupal
Earl MilesViews Version5.x-1.4 Updaterc1
   DrupalDrupal
Earl MilesViews Version5.x-1.4-2 Updaterc1
   DrupalDrupal
Earl MilesViews Version5.x-1.5
   DrupalDrupal
Earl MilesViews Version5.x-1.6
   DrupalDrupal
Earl MilesViews Version5.x-1.6 Updatebeta
   DrupalDrupal
Earl MilesViews Version5.x-1.6 Updatebeta2
   DrupalDrupal
Earl MilesViews Version5.x-1.6 Updatebeta3
   DrupalDrupal
Earl MilesViews Version5.x-1.6 Updatebeta4
   DrupalDrupal
Earl MilesViews Version5.x-1.6 Updatebeta5
   DrupalDrupal
Earl MilesViews Version5.x-1.7
   DrupalDrupal
Earl MilesViews Version5.x-1.x Updatedev
   DrupalDrupal
Earl MilesViews Version6.x-2.0
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updatealpha1
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updatealpha2
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updatealpha3
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updatealpha4
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updatealpha5
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updatebeta1
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updatebeta2
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updatebeta3
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updatebeta4
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updaterc1
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updaterc2
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updaterc3
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updaterc4
   DrupalDrupal
Earl MilesViews Version6.x-2.0 Updaterc5
   DrupalDrupal
Earl MilesViews Version6.x-2.1
   DrupalDrupal
Earl MilesViews Version6.x-2.2
   DrupalDrupal
Earl MilesViews Version6.x-2.3
   DrupalDrupal
Earl MilesViews Version6.x-2.4
   DrupalDrupal
Earl MilesViews Version6.x-2.5
   DrupalDrupal
Earl MilesViews Version6.x-2.6
   DrupalDrupal
Earl MilesViews Version6.x-2.7
   DrupalDrupal
Earl MilesViews Version6.x-2.8
   DrupalDrupal
Earl MilesViews Version6.x-2.9
   DrupalDrupal
Earl MilesViews Version6.x-2.10
   DrupalDrupal
Earl MilesViews Version6.x-2.x Updatedev
   DrupalDrupal
Earl MilesViews Version6.x-3.0 Updatealpha1
   DrupalDrupal
Earl MilesViews Version6.x-3.0 Updatealpha2
   DrupalDrupal
Earl MilesViews Version6.x-3.0 Updatealpha3
   DrupalDrupal
Earl MilesViews Version6.x-3.x Updatedev
   DrupalDrupal
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.279
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://drupal.org/node/829840
Patch
Vendor Advisory