Drupal User Deletion Cross-Site Request Forgery (CSRF) Vulnerability - SA-2007-029 - Vulnerability Database

Medium
Reference: SA-2007-029
Title: Drupal User Deletion Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

The Drupal Forms API protects against cross-site request forgery (CSRF), in which a malicious site causes a user to unintentionally submit a form to a site where he is authenticated. The user deletion form does not follow the standard Forms API submission model and is therefore not protected against this type of attack. A CSRF attack may result in the deletion of users.

Vulnerability ID: SA-2007-029
Official Reference: https://www.drupal.org/node/184348
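
The difference between a state-changing handler with and without form-level CSRF protection, as an added example in plain PHP (not Drupal's Forms API code and not part of the advisory). It assumes a session-bound HMAC token as the protection mechanism; every function name, the `csrf_secret` and `form_token` keys, and the sample data are hypothetical.

```php
<?php
// Added illustration; not Drupal code. All names and data are constructed.

// Per-session secret from which form tokens are derived.
function session_secret(array &$session): string {
    if (!isset($session['csrf_secret'])) {
        $session['csrf_secret'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_secret'];
}

// Token bound to both the session and one specific form/action.
function form_token(array &$session, string $form_id): string {
    return hash_hmac('sha256', $form_id, session_secret($session));
}

// Unprotected pattern: any request carrying the session cookie is acted on.
function delete_user_unprotected(array &$users, array $request): bool {
    unset($users[$request['uid']]);
    return true;
}

// Protected pattern: state changes only on POST with a valid token.
function delete_user_protected(array &$users, array &$session,
                               string $method, array $request): bool {
    $expected = form_token($session, 'user_delete_' . $request['uid']);
    $supplied = $request['form_token'] ?? '';
    if ($method !== 'POST' || !is_string($supplied)
        || !hash_equals($expected, $supplied)) {
        return false; // request was not produced by the site's own form
    }
    unset($users[$request['uid']]);
    return true;
}

$users   = [7 => 'alice', 8 => 'bob']; // constructed sample accounts
$session = [];                         // stands in for the admin's session

// A forged cross-site request carries the cookie but cannot know the token.
var_dump(delete_user_protected($users, $session, 'POST', ['uid' => 7]));
var_dump(isset($users[7]));

// The site's own form embeds the token, so the legitimate submit succeeds.
$token = form_token($session, 'user_delete_7');
var_dump(delete_user_protected($users, $session, 'POST',
                               ['uid' => 7, 'form_token' => $token]));
var_dump(isset($users[7]));
```

`delete_user_unprotected()` is included only for contrast: it mirrors a handler that sits outside the token-checked submission path, which is the condition the advisory describes.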