CVE-2009-3922
The CVE concerns Drupal’s User Protect module. Affected versions are 5.x prior to 5.x-1.4 and 6.x prior to 6.x-1.3. The issue is cross-site request forgery (CSRF) that enables remote attackers to hijack administrator authentication for two actions: (1) removing a user’s editing protection, and (2...