PT-2008-2197 · Drupal · Userpoints Module

Greg Knaddison +1 · Published 2008-02-05 · Updated 2011-03-08 · CVE-2008-0571

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Userpoints module for Drupal versions 4.7.x before 4.7.x-2.3
Userpoints module for Drupal versions 5.x-2 before 5.x-2.16
Userpoints module for Drupal versions 5.x-3 before 5.x-3.3

Description

The issue concerns the point moderation form in the Userpoints module for Drupal, which does not adhere to Drupal's Forms API submission model. This allows remote attackers to conduct cross-site request forgery (CSRF) attacks, enabling them to manipulate points.

Recommendations

For Userpoints module for Drupal version 4.7.x, update to version 4.7.x-2.3 or later.
For Userpoints module for Drupal version 5.x-2, update to version 5.x-2.16 or later.
For Userpoints module for Drupal version 5.x-3, update to version 5.x-3.3 or later.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2008-0571

Affected Products

Userpoints Module