CVE-2012-2080

Published: Aug 14, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits.

Affected (13)

Products: Node Limit Number Project: Node Limitnumber

Node Limit Number Project

1 product

Node Limitnumber

Configuration A

13 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Node Limit Number Project Node Limitnumber	Up to 6.x-1.1
Node Limit Number Project Node Limitnumber	Version 5.x-1.0
Node Limit Number Project Node Limitnumber	Version 5.x-1.1-1
Node Limit Number Project Node Limitnumber	Version 5.x-1.1-2
Node Limit Number Project Node Limitnumber	Version 5.x-1.1-3
Node Limit Number Project Node Limitnumber	Version 5.x-1.4
Node Limit Number Project Node Limitnumber	Version 5.x-1.x dev
Node Limit Number Project Node Limitnumber	Version 6.x-1.0
Node Limit Number Project Node Limitnumber	Version 6.x-2.0 alpha1
Node Limit Number Project Node Limitnumber	Version 6.x-2.0 alpha2
Node Limit Number Project Node Limitnumber	Version 6.x-2.0 beta1
Node Limit Number Project Node Limitnumber	Version 6.x-2.0 beta2
Node Limit Number Project Node Limitnumber	Version 6.x-2.x dev

Running on/with	Platform Versions
Drupal Drupal	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (16)

http://drupal.org/node/1506594

Source: secalert@redhat.com

Patch

http://drupal.org/node/1506728

Source: secalert@redhat.com

PatchVendor Advisory

http://drupalcode.org/project/node_limitnumber.git/commit/90f0d3a

Source: secalert@redhat.com

ExploitPatch

http://osvdb.org/80684

Source: secalert@redhat.com

http://secunia.com/advisories/48597

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/04/07/1

Source: secalert@redhat.com

http://www.securityfocus.com/bid/52816

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/74525

Source: secalert@redhat.com

http://drupal.org/node/1506594

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://drupal.org/node/1506728

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://drupalcode.org/project/node_limitnumber.git/commit/90f0d3a

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://osvdb.org/80684

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/48597

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/04/07/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/52816

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/74525

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.