CVE-2012-2729

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Bounce Attack
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 27/06/12 - Updated on 29/08/17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry.

Category: Bounce Attack

CWE-352 (Cross-Site Request Forgery (CSRF))
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Security Notices

US National Vulnerability DatabaseCVE-2012-2729

Exploits

SecurityFocusBID-53997

Relative technologies

VendorProduct
adcillcsimplemeta

Share this vulnerability with:

Twitter Facebook LinkedIn Mail