← back
CVE-2007-6752

CVE-2007-6752

EPSS 3.7%
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.org/files/110404/drupal712-xsrf.txtunverifiedcve_referencewww.exploit-db.com/exploits/18564/unverifiedexploitdbwww.exploit-db.com/exploits/18564unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://drupal.org/node/144538http://groups.drupal.org/node/216314http://ivanobinetti.blogspot.it/2012/03/drupal-cms-712-latest-stable-release.htmlhttp://packetstormsecurity.org/files/110404/drupal712-xsrf.txthttp://www.exploit-db.com/exploits/18564/