CVE-2012-1057

Name of the Vulnerable Software and Affected Versions Drupal Forward module versions 6.x-1.x through 6.x-1.20 Drupal Forward module versions 7.x-1.x through 7.x-1.2

Description A cross-site request forgery (CSRF) issue exists in the clickthrough tracking functionality of the Forward module, potentially related to improper flood control. This allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code.

Recommendations For Drupal Forward module version 6.x-1.x, update to version 6.x-1.21 or later. For Drupal Forward module version 7.x-1.x, update to version 7.x-1.3 or later.