CVE-2012-1057

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
sean_robertsonforward
6.x-1.0:x
sean_robertsonforward
6.x-1.1:x
sean_robertsonforward
6.x-1.2:x
sean_robertsonforward
6.x-1.3:x
sean_robertsonforward
6.x-1.4:x
sean_robertsonforward
6.x-1.5:x
sean_robertsonforward
6.x-1.6:x
sean_robertsonforward
6.x-1.7:x
sean_robertsonforward
6.x-1.8:x
sean_robertsonforward
6.x-1.9:x
sean_robertsonforward
6.x-1.10:x
sean_robertsonforward
6.x-1.11:x
sean_robertsonforward
6.x-1.12:x
sean_robertsonforward
6.x-1.13:x
sean_robertsonforward
6.x-1.14:x
sean_robertsonforward
6.x-1.15:x
sean_robertsonforward
6.x-1.16:x
sean_robertsonforward
6.x-1.17:x
sean_robertsonforward
6.x-1.18:x
sean_robertsonforward
6.x-1.19:x
sean_robertsonforward
6.x-1.20:x
sean_robertsonforward
6.x-1.x-dev:x
sean_robertsonforward
7.x-1.0:x
sean_robertsonforward
7.x-1.0:x
sean_robertsonforward
7.x-1.0:x
sean_robertsonforward
7.x-1.0:x
sean_robertsonforward
7.x-1.0:x
sean_robertsonforward
7.x-1.0:x
sean_robertsonforward
7.x-1.0:x
sean_robertsonforward
7.x-1.0:x
sean_robertsonforward
7.x-1.1:x
sean_robertsonforward
7.x-1.2:x
sean_robertsonforward
7.x-1.x-dev:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1423722
http://drupal.org/node/1425150
http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3
http://osvdb.org/78817
http://secunia.com/advisories/47851
http://www.securityfocus.com/bid/51826
https://exchange.xforce.ibmcloud.com/vulnerabilities/72922
http://drupal.org/node/1423722
http://drupal.org/node/1425150
http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3
http://osvdb.org/78817
http://secunia.com/advisories/47851
http://www.securityfocus.com/bid/51826
https://exchange.xforce.ibmcloud.com/vulnerabilities/72922