CVE-2008-0271
15.01.2008, 20:00
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces.
Vendor | Product | Version |
---|---|---|
drupal | bueditor | 𝑥 ≤ 4.7.x-1.0 |
drupal | bueditor | 𝑥 ≤ 5.x-1.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References