Unrated severityNVD Advisory· Published May 6, 2009· Updated Jun 16, 2026
CVE-2009-1576
CVE-2009-1576
Description
Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
33cpe:2.3:a:drupal:drupal:5.0:beta1:*:*:*:*:*:*+ 31 more
- cpe:2.3:a:drupal:drupal:5.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.10:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.13:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.14:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.15:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.16:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:5.1_rev1.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:rc-1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:rc-2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:rc-3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:rc-4:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
- (no CPE)range: 5.x <5.17, 6.x <6.11
Patches
Vulnerability mechanics
References
11- drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-5.16.patchnvdPatch
- drupal.org/node/449078nvdPatchVendor Advisory
- www.vbdrupal.org/forum/showthread.phpnvdPatch
- www.redhat.com/archives/fedora-package-announce/2009-May/msg00108.htmlnvdPatch
- www.redhat.com/archives/fedora-package-announce/2009-May/msg00133.htmlnvdPatch
- secunia.com/advisories/34948nvdVendor Advisory
- secunia.com/advisories/34950nvdVendor Advisory
- www.vupen.com/english/advisories/2009/1216nvdVendor Advisory
- secunia.com/advisories/34980nvd
- www.debian.org/security/2009/dsa-1792nvd
- www.osvdb.org/54153nvd
News mentions
0No linked articles in our index yet.