cpe:/a:sean_robertson:forward:6.x-1.0 cpe:/a:sean_robertson:forward:6.x-1.1 cpe:/a:sean_robertson:forward:6.x-1.2 cpe:/a:sean_robertson:forward:6.x-1.3 cpe:/a:sean_robertson:forward:6.x-1.4 cpe:/a:sean_robertson:forward:6.x-1.5 cpe:/a:sean_robertson:forward:6.x-1.6 cpe:/a:sean_robertson:forward:6.x-1.7 cpe:/a:sean_robertson:forward:6.x-1.8 cpe:/a:sean_robertson:forward:6.x-1.9 cpe:/a:sean_robertson:forward:6.x-1.10 cpe:/a:sean_robertson:forward:6.x-1.11 cpe:/a:sean_robertson:forward:6.x-1.12 cpe:/a:sean_robertson:forward:6.x-1.13 cpe:/a:sean_robertson:forward:6.x-1.14 cpe:/a:sean_robertson:forward:6.x-1.15 cpe:/a:sean_robertson:forward:6.x-1.16 cpe:/a:sean_robertson:forward:6.x-1.17 cpe:/a:sean_robertson:forward:6.x-1.18 cpe:/a:sean_robertson:forward:6.x-1.19 cpe:/a:sean_robertson:forward:6.x-1.20 cpe:/a:sean_robertson:forward:6.x-1.x-dev cpe:/a:sean_robertson:forward:7.x-1.0 cpe:/a:sean_robertson:forward:7.x-1.0:alpha1 cpe:/a:sean_robertson:forward:7.x-1.0:alpha2 cpe:/a:sean_robertson:forward:7.x-1.0:alpha3 cpe:/a:sean_robertson:forward:7.x-1.0:rc1 cpe:/a:sean_robertson:forward:7.x-1.0:rc2 cpe:/a:sean_robertson:forward:7.x-1.0:rc3 cpe:/a:sean_robertson:forward:7.x-1.0:rc4 cpe:/a:sean_robertson:forward:7.x-1.1 cpe:/a:sean_robertson:forward:7.x-1.2 cpe:/a:sean_robertson:forward:7.x-1.x-dev CVE-2012-1057 2012-02-13T19:55:00.803-05:00 2017-08-28T21:31:10.883-04:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-02-14T10:55:00.000-05:00 SECUNIA 47851 BID 51826 OSVDB 78817 XF drupal-forward-unspecified-csrf(72922) CONFIRM http://drupal.org/node/1423722 CONFIRM http://drupal.org/node/1425150 CONFIRM http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3 Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."