{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "47851", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47851"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"}, {"name": "drupal-forward-unspecified-csrf(72922)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1425150"}, {"name": "51826", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51826"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1423722"}, {"name": "78817", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/78817"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1057", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "47851", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47851"}, {"name": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"}, {"name": "drupal-forward-unspecified-csrf(72922)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"}, {"name": "http://drupal.org/node/1425150", "refsource": "CONFIRM", "url": "http://drupal.org/node/1425150"}, {"name": "51826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51826"}, {"name": "http://drupal.org/node/1423722", "refsource": "CONFIRM", "url": "http://drupal.org/node/1423722"}, {"name": "78817", "refsource": "OSVDB", "url": "http://osvdb.org/78817"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:45:26.800Z"}, "title": "CVE Program Container", "references": [{"name": "47851", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47851"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"}, {"name": "drupal-forward-unspecified-csrf(72922)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1425150"}, {"name": "51826", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51826"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1423722"}, {"name": "78817", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/78817"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1057", "datePublished": "2012-02-14T00:00:00", "dateReserved": "2012-02-13T00:00:00", "dateUpdated": "2024-08-06T18:45:26.800Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "591EF0E9-CCA3-4996-AB5B-5E9C3B4D4571", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A3EE2BE-49DC-4573-AB55-3D0E80F2F70D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "310173CA-5639-4270-9134-A18EB3DD551D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "533B6B8A-BE5E-4D19-AA1A-2B5C887C5BEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B2B21E2-17B5-45EB-8A4F-FCC63EF0668C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C049D3E3-D4EA-4AE3-BED2-A63F3EEDA7F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BC8677D-28BD-42C8-A469-0070FD141BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.7:*:*:*:*:*:*:*", "matchCriteriaId": "1D0307CD-9507-4FA2-8294-642688287717", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B6D66470-7133-4380-AC55-EE15C51F72D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.9:*:*:*:*:*:*:*", "matchCriteriaId": "000C51E5-4CE6-4839-BA93-4FFDD2EDCEDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.10:*:*:*:*:*:*:*", "matchCriteriaId": "D3989A71-9188-4FCF-828B-04DE4ABA1FFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.11:*:*:*:*:*:*:*", "matchCriteriaId": "F3A004DD-9852-4594-AAED-6A837971B606", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.12:*:*:*:*:*:*:*", "matchCriteriaId": "639D6DD6-166D-453E-82BD-9015D4A8B9A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.13:*:*:*:*:*:*:*", "matchCriteriaId": "ECBB54D3-94AF-4D47-853A-9E047950D84C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.14:*:*:*:*:*:*:*", "matchCriteriaId": "215024FE-1D6C-4220-A34D-3CB3E356C917", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.15:*:*:*:*:*:*:*", "matchCriteriaId": "54594F8E-8B3F-40B8-89A3-D974CB39CC65", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.16:*:*:*:*:*:*:*", "matchCriteriaId": "825510E4-F63E-4E2C-BAF2-20A59ECA2EF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.17:*:*:*:*:*:*:*", "matchCriteriaId": "BFCBEB31-6E98-4BBE-878A-441F5BCAEAC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.18:*:*:*:*:*:*:*", "matchCriteriaId": "31E3EB43-5550-4A59-B941-450934EAC037", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.19:*:*:*:*:*:*:*", "matchCriteriaId": "2AC1DAAB-7B6F-4CA1-A37B-7EC749E56BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.20:*:*:*:*:*:*:*", "matchCriteriaId": "C1228050-F0DE-4493-A976-4EFC12E4A05B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:6.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "CC598C74-9D35-43EA-A74E-77605C4CEA9A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "63E6DB82-17BC-4F6B-AAF0-40054563E6A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "39F9DB1E-AA37-49AE-80BD-DA0F0BE242DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "0FAAB6A6-4844-41AA-AB5E-0DC94FCE43BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "3CBCB70F-ED6D-489F-8AE7-EA96CDA4DEA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "39881745-9EF8-44E7-8EBC-D99D7600D6F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A662BB80-197A-4A5B-B25F-1FBBC01AAF4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "DD9CED5B-9A11-497C-B426-EBAF9BB30466", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "925866B3-0DF1-4B0B-8086-B7A72D317DBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A430208-187A-4BD7-BE60-4AC7819322F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8E02D86-E313-407D-8951-89E10AE6B6EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sean_robertson:forward:7.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "66A7EE37-458E-4150-A779-92F58079B23A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper \"flood control.\""}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la funcionalidad 'clickthrough tracking' en el m\u00f3dulo Forward v6.x-1.x anterior a v6.x-1.21 y v7.x-1.x anterior a v7.x-1.3 para Drupal permite a atacantes remotos secuestras la autenticaci\u00f3n para administradores para peticiones de incremento de la clasificaci\u00f3n del nodo a trav\u00e9s de un c\u00f3digo de seguimiento, posiblemente relacionado con un control incorrecto."}], "id": "CVE-2012-1057", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-02-14T00:55:00.803", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://drupal.org/node/1423722"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1425150"}, {"source": "cve@mitre.org", "url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/78817"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47851"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51826"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://drupal.org/node/1423722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1425150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/78817"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47851"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51826"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72922"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}