Vulnerability Details CVE-2008-3220
Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://drupal.org/node/280571
- http://secunia.com/advisories/31079
- http://www.openwall.com/lists/oss-security/2008/07/10/3
- http://www.securityfocus.com/bid/30168
- https://bugzilla.redhat.com/show_bug.cgi?id=454849
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43702
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
- http://drupal.org/node/280571
- http://secunia.com/advisories/31079
- http://www.openwall.com/lists/oss-security/2008/07/10/3
- http://www.securityfocus.com/bid/30168
- https://bugzilla.redhat.com/show_bug.cgi?id=454849
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43702
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
Products affected by CVE-2008-3220
-
cpe:2.3:a:drupal:drupal:5.0
-
cpe:2.3:a:drupal:drupal:5.1
-
cpe:2.3:a:drupal:drupal:5.2
-
cpe:2.3:a:drupal:drupal:5.3
-
cpe:2.3:a:drupal:drupal:5.4
-
cpe:2.3:a:drupal:drupal:5.5
-
cpe:2.3:a:drupal:drupal:5.6
-
cpe:2.3:a:drupal:drupal:5.7
-
cpe:2.3:a:drupal:drupal:6.0
-
cpe:2.3:a:drupal:drupal:6.1
-
cpe:2.3:a:drupal:drupal:6.2
-
cpe:2.3:o:fedoraproject:fedora:8
-
cpe:2.3:o:fedoraproject:fedora:9