CVE-2007-2160

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476.

Affected products

• Drupal / database_administration_module4.6 – 4.6
• Drupal / database_administration_module4.7 – 4.7

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/24848
• MISChttp://osvdb.org/34962
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/1360
• MISChttp://drupal.org/node/135549