CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-1633

Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.2%

CVSS Severity

CVSS v2 Score 6.8

References

http://drupal.org/node/1401678
http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6
http://secunia.com/advisories/47541
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/51385
http://drupal.org/node/1401678
http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6
http://secunia.com/advisories/47541
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/51385

Products affected by CVE-2012-1633

Drupal » Drupal » Version: N/A

cpe:2.3:a:drupal:drupal:-
Erikwebb » Password Policy » Version: 6.x-1.0

cpe:2.3:a:erikwebb:password_policy:6.x-1.0
Erikwebb » Password Policy » Version: 6.x-1.1

cpe:2.3:a:erikwebb:password_policy:6.x-1.1
Erikwebb » Password Policy » Version: 6.x-1.2

cpe:2.3:a:erikwebb:password_policy:6.x-1.2
Erikwebb » Password Policy » Version: 6.x-1.3

cpe:2.3:a:erikwebb:password_policy:6.x-1.3
Erikwebb » Password Policy » Version: 7.x-1.0

cpe:2.3:a:erikwebb:password_policy:7.x-1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1633

Products

Pricing

Contact Us