N/A

Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.

N/A

N/A

Drupal 跨站请求伪造漏洞

Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal 8.2.7之前的8.2.x版本中存在跨站请求伪造漏洞，该漏洞源于程序没有对管理路径使用CSRF令牌保护。远程攻击者可利用该漏洞执行未授权的操作。

N/A

N/A