[DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue

------------------------------------------------------------------------ ---- Drupal security advisory DRUPAL-SA-2006-025 ------------------------------------------------------------------------ ---- Project: Drupal core Date: 2006-Oct-18 Security risk: Highly critical Exploitable from: Remote...

DRUPAL-SA-2006-025 - Drupal core - Cross site request forgeries

Visiting a specially crafted page, anywhere on the web, may allow that page to post forms to a Drupal site in the context of the visitor's session. To illustrate; suppose one has an active user 1 session, the most powerful administrator account for a site, to a Drupal site while visiting a websit...