A vulnerability was found in Drupal E-Publish 5-1.1/6-1.0 (Content Management System). It has been declared as critical. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a cross-site request forgery vulnerability. The CWE definition for the vulnerability is CWE-352. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.

The weakness was shared 04/27/2008 (Website). The advisory is available at drupal.org. This vulnerability was named CVE-2008-1981 since 04/27/2008. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available.

It is declared as highly functional.

Upgrading to version 6-1.0 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (41978). The entry 42153 is related to this item.

Productinfo

Type

• Content Management System

Vendor

• Drupal

Name

• E-Publish

Version

• 5-1.1
• 6-1.0

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion