6.8
CVE-2012-2080
- EPSS 0.36%
- Veröffentlicht 14.08.2012 23:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginCross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Node Limit Number Project ≫ Node Limitnumber Version <= 6.x-1.1
Node Limit Number Project ≫ Node Limitnumber Version5.x-1.0
Node Limit Number Project ≫ Node Limitnumber Version5.x-1.1-1
Node Limit Number Project ≫ Node Limitnumber Version5.x-1.1-2
Node Limit Number Project ≫ Node Limitnumber Version5.x-1.1-3
Node Limit Number Project ≫ Node Limitnumber Version5.x-1.4
Node Limit Number Project ≫ Node Limitnumber Version5.x-1.x Updatedev
Node Limit Number Project ≫ Node Limitnumber Version6.x-1.0
Node Limit Number Project ≫ Node Limitnumber Version6.x-2.0 Updatealpha1
Node Limit Number Project ≫ Node Limitnumber Version6.x-2.0 Updatealpha2
Node Limit Number Project ≫ Node Limitnumber Version6.x-2.0 Updatebeta1
Node Limit Number Project ≫ Node Limitnumber Version6.x-2.0 Updatebeta2
Node Limit Number Project ≫ Node Limitnumber Version6.x-2.x Updatedev
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.555 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.