2 matches found
CVE-2012-2728
CVE-2012-2728 affects the Drupal Node Hierarchy module (6.x-1.x) prior to 6.x-1.5. The vulnerability allows CSRF that can hijack an administrator’s session to reorder node hierarchy via up/down actions. Impact is admin-authentication compromise leading to unintended hierarchy changes. Remediation...
SA-CONTRIB-2012-099 - Node Hierarchy - Cross Site Request Forgery (CSRF)
Node Hierarchy module allows for the creation of parent child relationships among nodes that can create a tree-like hierarchy of content. The module doesn't sufficiently confirm user intent when reordering children nodes allowing a malicious user to trick a site admin to changing the desired...