CVE-2007-4063

Publication date 30 July 2007

Last updated 17 July 2025

Ubuntu priority

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
drupal	7.04 feisty	Fixed 5.1-0ubuntu2.1
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-4063