4.3
CVE-2013-1972
- EPSS 0.45%
- Veröffentlicht 24.06.2013 16:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginCross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Alexey Sukhotin ≫ Elfinder Version6.x-0.4-beta1
Alexey Sukhotin ≫ Elfinder Version6.x-0.4-beta3
Alexey Sukhotin ≫ Elfinder Version6.x-0.5-beta2
Alexey Sukhotin ≫ Elfinder Version6.x-0.6
Alexey Sukhotin ≫ Elfinder Version6.x-0.7
Alexey Sukhotin ≫ Elfinder Version7.x-0.6
Alexey Sukhotin ≫ Elfinder Version7.x-0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.627 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.