What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.
CVSS base score
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.
Explanation of Vulnerability in Simple Terms
The Theme Negotiation by Rules module for Drupal contains a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link or page that, when visited by a site administrator, performs unwanted actions on the site without their knowledge. Update to version 1.2.1 or later to fix this issue.
What an attacker can do
Perform unwanted actions on the site by tricking an administrator into visiting a malicious page.
Potential impact on your site
An attacker can modify theme settings or other site configuration if an admin visits a malicious link.
Conditions required to exploit
An administrator must visit a page controlled by the attacker; no special access or authentication bypass needed.
Key dates
External resources