CVE-2012-2077

EUVD-2012-2083
Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API."
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
rob_loachsharethis
7.x-2.0:x
rob_loachsharethis
7.x-2.0:x
rob_loachsharethis
7.x-2.1:x
rob_loachsharethis
7.x-2.2:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1504746
http://drupal.org/node/1506448
http://drupalcode.org/project/sharethis.git/commit/11f247a
http://secunia.com/advisories/48598
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/80681
http://www.securityfocus.com/bid/52778
https://exchange.xforce.ibmcloud.com/vulnerabilities/74518
http://drupal.org/node/1504746
http://drupal.org/node/1506448
http://drupalcode.org/project/sharethis.git/commit/11f247a
http://secunia.com/advisories/48598
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/80681
http://www.securityfocus.com/bid/52778
https://exchange.xforce.ibmcloud.com/vulnerabilities/74518