Unrated severityNVD Advisory· Published Dec 31, 2009· Updated Apr 23, 2026

CVE-2009-4533

Description

The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.

Affected products

Nathan Haug/Webform42 versions
cpe:2.3:a:nathan_haug:webform:*:*:*:*:*:*:*:*+ 41 more
- cpe:2.3:a:nathan_haug:webform:*:*:*:*:*:*:*:*range: <=5.x-2.7
- cpe:2.3:a:nathan_haug:webform:5.x-1.10:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-1.5:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-1.6:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-1.7:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-1.8:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-1.9:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-1.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta0:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta1:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta2:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta3:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.4:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.5:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.6:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:5.x-2.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta1:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta2:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta3:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta4:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta5:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta6:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.1-1:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.4:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.5:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.6:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-2.x-dev:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/604920nvdPatch
drupal.org/node/604922nvdPatch
drupal.org/node/604942nvdPatchVendor Advisory
secunia.com/advisories/37021nvdVendor Advisory
www.vupen.com/english/advisories/2009/2923nvdVendor Advisory
osvdb.org/58946nvd
www.securityfocus.com/bid/36708nvd
exchange.xforce.ibmcloud.com/vulnerabilities/53797nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000