CVE-2008-6532 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors as demonstrated by causing the superuser to \execute old updates\ that modify the database.

Reference

http://drupal.org/node/345441 http://secunia.com/advisories/33112 http://secunia.com/advisories/33147 http://www.osvdb.org/50661 http://www.vupen.com/english/advisories/2008/3414 https://exchange.xforce.ibmcloud.com/vulnerabilities/47260 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.html