EUVD-2009-3893

Malware in sbrugna...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that 1 delete the editing protection of a user or 2 delete a certa...

CVE-2009-3922

Multiple cross-site request forgery CSRF vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that 1 delete the editing protection of a user or 2 delete a certa...

CVE-2009-3922

The CVE concerns Drupal’s User Protect module. Affected versions are 5.x prior to 5.x-1.4 and 6.x prior to 6.x-1.3. The issue is cross-site request forgery (CSRF) that enables remote attackers to hijack administrator authentication for two actions: (1) removing a user’s editing protection, and (2...

CVE-2009-3922

Multiple cross-site request forgery CSRF vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that 1 delete the editing protection of a user or 2 delete a certa...

SA-CONTRIB-2009-090 - User Protect - Cross Site Request Forgery

User Protect provides various editing protection for users. The protections can be specific to a user, or applied to all users in a role. User administrators can be individually configured to be allowed to bypass the protections. The Drupal Forms API protects against cross site request forgeries...