CVSS Severity (version 2.0):
CVSS v2 Base Score:
Impact Subscore: 6.4
Exploitability Subscore: 4.9
CVSS Version 2 Metrics:
Access Vector: Network exploitable - Victim must voluntarily interact with attack mechanism
Access Complexity: High
Authentication: Not required to exploit
Impact Type: Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service
In order to make the exploit work, the attacker would have to craft a webpage (hosted on the same domain as the Drake CMS website) and have the Drake CMS user make a post from that page.
Successful exploitation requires that "register_globals" is enabled.