CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-0571

The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.1%

CVSS Severity

CVSS v2 Score 4.3

References

http://drupal.org/node/216023
http://secunia.com/advisories/28730
http://www.vupen.com/english/advisories/2008/0375/references
http://drupal.org/node/216023
http://secunia.com/advisories/28730
http://www.vupen.com/english/advisories/2008/0375/references

Products affected by CVE-2008-0571

Drupal » Userpoints Module » Version: 4.7

cpe:2.3:a:drupal:userpoints_module:4.7
Drupal » Userpoints Module » Version: 5.0

cpe:2.3:a:drupal:userpoints_module:5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-0571

Products

Pricing

Contact Us