CVE-2009-3922

Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule.

🔗 References (14)

• cve@mitrehttp://drupal.org/node/623162
• cve@mitrehttp://drupal.org/node/623180
• cve@mitrehttp://drupal.org/node/623186
• cve@mitrehttp://osvdb.org/59692
• cve@mitrehttp://secunia.com/advisories/37283
• cve@mitrehttp://www.securityfocus.com/bid/36922
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/54145
• af854a3a-2127-422b-91ae-364da2661108http://drupal.org/node/623162
• af854a3a-2127-422b-91ae-364da2661108http://drupal.org/node/623180
• af854a3a-2127-422b-91ae-364da2661108http://drupal.org/node/623186
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/59692
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37283
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36922
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/54145