Unrated severityNVD Advisory· Published Mar 26, 2009· Updated Apr 23, 2026
CVE-2008-6532
CVE-2008-6532
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.
Affected products
20cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.9:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.10:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- drupal.org/node/345441nvdPatchVendor Advisory
- secunia.com/advisories/33112nvdVendor Advisory
- secunia.com/advisories/33147nvd
- www.osvdb.org/50661nvd
- www.vupen.com/english/advisories/2008/3414nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/47260nvd
- www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.htmlnvd
News mentions
0No linked articles in our index yet.