4.3
CVE-2013-1972
- EPSS 1.35%
- Veröffentlicht 24.06.2013 16:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginCross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Alexey Sukhotin ≫ Elfinder Version6.x-0.4-beta1
Alexey Sukhotin ≫ Elfinder Version6.x-0.4-beta3
Alexey Sukhotin ≫ Elfinder Version6.x-0.5-beta2
Alexey Sukhotin ≫ Elfinder Version6.x-0.6
Alexey Sukhotin ≫ Elfinder Version6.x-0.7
Alexey Sukhotin ≫ Elfinder Version7.x-0.6
Alexey Sukhotin ≫ Elfinder Version7.x-0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.35% | 0.68 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0237.html
http://osvdb.org/92533
https://drupal.org/node/1972082
https://drupal.org/node/1972084
https://drupal.org/node/1972942
https://exchange.xforce.ibmcloud.com/vulnerabilities/83651