Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Drupal 7.x, 8.x, 9.x CSRF Vulnerability (SA-CORE-2020-004) (Linux)

Information

Severity

Severity

Medium

Family

Family

Web application abuses

CVSSv2 Base

CVSSv2 Base

5.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

3 years ago

Modified

Modified

3 years ago

Summary

Drupal is prone to a cross-site request forgery vulnerability.

Insight

Insight

The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

Affected Software

Affected Software

Drupal 7.x, 8.8.x and earlier, 8.9.x and 9.0.x.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 7.72, 8.8.8, 8.9.1, 9.0.1 or later.

Common Vulnerabilities and Exposures (CVE)