Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Debian Linux Security Advisory 4706-1 - It was discovered that Drupal, a fully-featured content management framework, was suspectible to cross site request forgery.