ID CVE-2007-6320 Type cve Reporter NVD Modified 2008-11-15T02:04:11
Description
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
{"assessment": {"system": "", "name": "", "href": ""}, "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "type": "cve", "viewCount": 2, "bulletinFamily": "NVD", "edition": 1, "published": "2007-12-11T20:46:00", "objectVersion": "1.2", "history": [], "title": "CVE-2007-6320", "reporter": "NVD", "hash": "1f1d661b52386a8d6927b56064f4c00f1e9995c471c6887daa8ae257b0af5116", "lastseen": "2016-09-03T09:50:50", "id": "CVE-2007-6320", "scanner": [], "description": "Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.", "modified": "2008-11-15T02:04:11", "cvelist": ["CVE-2007-6320"], "cpe": ["cpe:/a:drupal:feature_module:4.7.x_dev", "cpe:/a:drupal:feature_module:5.x_dev"], "references": ["http://drupal.org/node/198164"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6320", "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2016-09-03T09:50:50"}, "vulnersScore": 4.3}}
