CVE Daily

CVE-2013-6385

The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspe...

Medium CVSS 5.1

Overview

The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors.

CWE: CWE-94 Published: 2013-12-07T21:55:10.047
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.1 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags