CVE-2007-6752
published 2012-03-28
CVE-2007-6752: Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests…
Priority P336 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 3.75% · 88.5th percentile
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off."
Affected
115 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | drupal | <= 7.12 | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 MEDIUM
GHSA
GHSA-jchx-5q5h-f574: ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7
ghsa_unreviewed·2022-05-01
CVE-2007-6752 [MEDIUM] CWE-352 GHSA-jchx-5q5h-f574: ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off."
OSV
CVE-2007-6752: Cross-site request forgery (CSRF) vulnerability in Drupal 7
osv·2012-03-28·CVSS 6.8
CVE-2007-6752 [MEDIUM] CVE-2007-6752: Cross-site request forgery (CSRF) vulnerability in Drupal 7
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off."
No detection rules found.
http://drupal.org/node/144538
http://groups.drupal.org/node/216314
http://ivanobinetti.blogspot.it/2012/03/drupal-cms-712-latest-stable-release.html
http://packetstormsecurity.org/files/110404/drupal712-xsrf.txt
http://www.exploit-db.com/exploits/18564/
Published 2012-03-28