Unrated severityNVD Advisory· Published Jul 18, 2008· Updated Apr 23, 2026

CVE-2008-3220

Description

Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings."

Affected products

Drupal/Drupal
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Range: >=5.0,<5.8
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/280571nvdPatchVendor Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
secunia.com/advisories/31079nvdThird Party Advisory
www.openwall.com/lists/oss-security/2008/07/10/3nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/30168nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/43702nvdThird Party AdvisoryVDB Entry
www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.htmlnvdThird Party Advisory
www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.htmlnvdThird Party Advisory
www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.htmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000