PT-2009-1644 · Drupal · Localization Client+2
Published: 2009-02-19 · Updated: 2017-08-17
CVE-2008-6169
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Localization client versions 5.x through 5.x-1.1
Localization client versions 6.x through 6.x-1.6
Localization server versions 5.x through 5.x-1.0-alpha5
Localization server versions 6.x through 6.x-alpha2
Description
A cross-site request forgery (CSRF) issue exists in the Localization client and server modules for Drupal. This allows remote attackers to perform unauthorized actions as administrators via vectors related to the local translation submission interface.
Recommendations
For Localization client versions 5.x through 5.x-1.1, update to version 5.x-1.1 or later.
For Localization client versions 6.x through 6.x-1.6, update to version 6.x-1.6 or later.
For Localization server versions 5.x through 5.x-1.0-alpha5, update to version 5.x-1.0-alpha5 or later.
For Localization server versions 6.x through 6.x-alpha2, update to version 6.x-alpha2 or later.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Drupal
Localization Client
Localization Server