Drupal Autosave Module Cross Site Request Forgery Vulnerability UPDATED

Summary

The Autosave module for Drupal is prone to a cross-site request-forgery vulnerability.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/52985
The information has been provided by Ryan Jud Hughes.


Details

Vulnerable Systems:
 * Drupal Autosave 6.X-1.9 and prior

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Vendor Status:
Vendor as issued an updated vulnerability.

Patch Availability:
http://drupal.org/node/1528864

CVE Information:
CVE-2012-2097

Disclosure Timeline:
Published:Apr 11 2012
Updated:Aug 16 2012

Categories: News