Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-06T17:00:00

Updated: 2024-08-07T05:20:34.527Z

Reserved: 2009-05-06T00:00:00

Link: CVE-2009-1576

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-05-06T17:30:09.860

Modified: 2024-11-21T01:02:48.987

Link: CVE-2009-1576

cve-icon Redhat

Severity : Moderate

Publid Date: 2009-04-30T00:00:00Z

Links: CVE-2009-1576 - Bugzilla