Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2012-1057
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control.".
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6/10
- Exploit Score
- 6.8/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- Single
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:sean_robertson:forward:6.x-1.0:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.1:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.2:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.3:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.4:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.5:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.6:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.7:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.8:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.9:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.10:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.11:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.12:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.13:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.14:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.15:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.16:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.17:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.18:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.19:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.20:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* |
No
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.0:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.1:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.2:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:*:*:*:*:*:*:* |
Yes
|
- | ||
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* |
No
|
- |
References
- http://drupal.org/node/1423722
- http://www.securityfocus.com/bid/51826
- http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f96
- http://secunia.com/advisories/47851
- http://osvdb.org/78817
- http://drupal.org/node/1425150
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72922