Unrated severityNVD Advisory· Published Aug 14, 2012· Updated Apr 29, 2026
CVE-2012-2097
CVE-2012-2097
Description
Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving "submitting saved results to a node."
Affected products
12cpe:2.3:a:larry_garfield:autosave:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:larry_garfield:autosave:*:*:*:*:*:*:*:*range: <=6.x-2.9
- cpe:2.3:a:larry_garfield:autosave:6.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:larry_garfield:autosave:6.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:larry_garfield:autosave:6.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:larry_garfield:autosave:6.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:larry_garfield:autosave:6.x-2.4:*:*:*:*:*:*:*
- cpe:2.3:a:larry_garfield:autosave:6.x-2.5:*:*:*:*:*:*:*
- cpe:2.3:a:larry_garfield:autosave:6.x-2.6:*:*:*:*:*:*:*
- cpe:2.3:a:larry_garfield:autosave:6.x-2.7:*:*:*:*:*:*:*
- cpe:2.3:a:larry_garfield:autosave:6.x-2.8:*:*:*:*:*:*:*
- cpe:2.3:a:larry_garfield:autosave:6.x-2.x:dev:*:*:*:*:*:*
- cpe:2.3:a:larry_garfield:autosave:7.x-2.x:dev:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- drupal.org/node/1525998nvdPatch
- drupal.org/node/1528864nvdPatchVendor Advisory
- drupal.org/node/1528906nvdPatch
- drupalcode.org/project/autosave.git/commitdiff/39f7fb0nvdExploitPatch
- drupalcode.org/project/autosave.git/commitdiff/f7bfd2dnvdExploitPatch
- www.openwall.com/lists/oss-security/2012/04/11/4nvd
- www.openwall.com/lists/oss-security/2012/04/12/2nvd
- www.securityfocus.com/bid/52985nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/74838nvd
News mentions
0No linked articles in our index yet.