CVE-2008-6532

Name of the Vulnerable Software and Affected Versions Drupal versions 5.x before 5.13 Drupal versions 6.x before 6.7

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the update feature. These vulnerabilities allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors. For example, an attacker could cause the superuser to execute old updates that modify the database.

Recommendations For Drupal versions 5.x before 5.13, update to version 5.13 or later. For Drupal versions 6.x before 6.7, update to version 6.7 or later.