PT-2012-3804 · Drupal · Fivestar

Greg Knaddison · Published 2012-08-14 · Updated 2012-08-15 · CVE-2012-2096

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Fivestar module versions prior to 6.x-1.20 for Drupal

Description: The issue allows remote attackers to manipulate voting averages by providing a negative value in the vote parameter, due to improper validation of voting data.

Recommendations: For Fivestar module versions prior to 6.x-1.20, update to version 6.x-1.20 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user input for the vote parameter to prevent negative values.

Weakness Enumeration

Related Identifiers

CVE-2012-2096

Affected Products

Fivestar