CVE-2012-1631

medium

Published 2012-09-20 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1407206

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1401644

Application impact

Vendor	Product	Versions	Fixed
databasepublish	admin\	`hover`
drupal	drupal	`-`

References

http://drupal.org/node/1401644
http://drupal.org/node/1407206
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/51388
https://exchange.xforce.ibmcloud.com/vulnerabilities/72386
http://drupal.org/node/1401644
http://drupal.org/node/1407206
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.securityfocus.com/bid/51388
https://exchange.xforce.ibmcloud.com/vulnerabilities/72386

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.