CVE-2009-1036

EUVD-2009-1037
Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
drupalplus1
𝑥
≤ 6.x-2.5
drupalplus1
6.x-1.0:x
drupalplus1
6.x-1.1:x
drupalplus1
6.x-1.2:x
drupalplus1
6.x-1.3:x
drupalplus1
6.x-2.0:x
drupalplus1
6.x-2.0:x
drupalplus1
6.x-2.0:x
drupalplus1
6.x-2.0:x
drupalplus1
6.x-2.0:x
drupalplus1
6.x-2.1:x
drupalplus1
6.x-2.2:x
drupalplus1
6.x-2.3:x
drupalplus1
6.x-2.4:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/405672
http://drupal.org/node/406314
http://osvdb.org/52786
http://secunia.com/advisories/34378
http://www.securityfocus.com/bid/34168
https://exchange.xforce.ibmcloud.com/vulnerabilities/49310
http://drupal.org/node/405672
http://drupal.org/node/406314
http://osvdb.org/52786
http://secunia.com/advisories/34378
http://www.securityfocus.com/bid/34168
https://exchange.xforce.ibmcloud.com/vulnerabilities/49310