4 matches found
CVE-2012-2080
Cross-site request forgery CSRF vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits...
CVE-2012-2080
Cross-site request forgery CSRF vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits...
CVE-2012-2080
The CVE concerns the Drupal contributed module Node Limit Number (6.x-1.x) prior to version 6.x-1.2. The vulnerability is a Cross-Site Request Forgery (CSRF) that can allow an attacker to hijack the authentication of users with the administer node limitnumber permission, triggering delete-limit a...
SA-CONTRIB-2012-052 - Node Limit Number - Cross Site Request Forgery (CSRF)
CVE: CVE-2012-2080 The Node Limit Number module enables an administrator to place limits on how many nodes may be created by each user. Node Limit Number does not protect the delete URL against Cross Site Request Forgery attacks, allowing a malicious user to trick someone with "administer node...