CVE-2012-2080

EUVD-2012-2086
Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
node_limit_number_projectnode_limitnumber
𝑥
≤ 6.x-1.1
node_limit_number_projectnode_limitnumber
5.x-1.0:x
node_limit_number_projectnode_limitnumber
5.x-1.1-1:x
node_limit_number_projectnode_limitnumber
5.x-1.1-2:x
node_limit_number_projectnode_limitnumber
5.x-1.1-3:x
node_limit_number_projectnode_limitnumber
5.x-1.4:x
node_limit_number_projectnode_limitnumber
5.x-1.x:x
node_limit_number_projectnode_limitnumber
6.x-1.0:x
node_limit_number_projectnode_limitnumber
6.x-2.0:x
node_limit_number_projectnode_limitnumber
6.x-2.0:x
node_limit_number_projectnode_limitnumber
6.x-2.0:x
node_limit_number_projectnode_limitnumber
6.x-2.0:x
node_limit_number_projectnode_limitnumber
6.x-2.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1506594
http://drupal.org/node/1506728
http://drupalcode.org/project/node_limitnumber.git/commit/90f0d3a
http://osvdb.org/80684
http://secunia.com/advisories/48597
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/52816
https://exchange.xforce.ibmcloud.com/vulnerabilities/74525
http://drupal.org/node/1506594
http://drupal.org/node/1506728
http://drupalcode.org/project/node_limitnumber.git/commit/90f0d3a
http://osvdb.org/80684
http://secunia.com/advisories/48597
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/52816
https://exchange.xforce.ibmcloud.com/vulnerabilities/74525