VIR Vulnerability Intelligence Relay

CVE-2012-2080

medium
Published 2012-08-14 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/48597

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupalcode.org/project/node_limitnumber.git/commit/90f0d3a

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1506728

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/1506594

Application impact
VendorProductVersionsFixed
node_limit_number_projectnode_limitnumber{"endIncluding":"6.x-1.1"}
node_limit_number_projectnode_limitnumber5.x-1.0
node_limit_number_projectnode_limitnumber5.x-1.1-1
node_limit_number_projectnode_limitnumber5.x-1.1-2
node_limit_number_projectnode_limitnumber5.x-1.1-3
node_limit_number_projectnode_limitnumber5.x-1.4
node_limit_number_projectnode_limitnumber5.x-1.x
node_limit_number_projectnode_limitnumber6.x-1.0
node_limit_number_projectnode_limitnumber6.x-2.0
node_limit_number_projectnode_limitnumber6.x-2.x
drupaldrupal-

References

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.