CVE-2007-6752 in Drupalinfo

Summary

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off."

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

03/27/2012

Disclosure

03/28/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-352 (Confirmed)

Exploit

Download

CVSS

8.1

EPSS

0.01695

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-6752
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-6752
CVE Details	https://www.cvedetails.com/cve/CVE-2007-6752/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!