CVE-2007-6320 Information

Description

Feature 4.7.x-dev and 5.x-dev before 20071206 a Drupal module does not follow Drupal’s Forms API submission model which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.

Reference

http://drupal.org/node/198164 http://osvdb.org/43671