Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-5594

Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.

Related bugs and status

CVE-2007-5594 (Candidate) is related to these bugs:

Bug #154811: [SA-2007-{24,25,26,29,30}] Fix for several security issues in drupal 5.2

Summary				In	Importance	Status
	154811	[SA-2007-{24,25,26,29,30}] Fix for several security issues in drupal 5.2		drupal5 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://drupal.org/node...
SECUNIA: 27290
FEDORA: FEDORA-2007-2649
BID: 26119
SECUNIA: 27352
XF: drupal-http-request-cs...