CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
52.8%
This module contains a simple addressbook.
The module has multiple issues including SQL Injection and Cross Site Request Forgery.
For the SQL Injection issue -
CVE: CVE-2012-2306
For the CSRF issue -
CVE: CVE-2012-2307
Drupal core is not affected. If you do not use the contributed Addressbook module, there is nothing you need to do.
This module is not supported. Uninstall the module.
Also see the Addressbook project page.