CVE-2013-1972

EUVD-2013-1960
Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
alexey_sukhotinelfinder
6.x-0.4-beta1:x
alexey_sukhotinelfinder
6.x-0.4-beta3:x
alexey_sukhotinelfinder
6.x-0.5-beta2:x
alexey_sukhotinelfinder
6.x-0.6:x
alexey_sukhotinelfinder
6.x-0.7:x
alexey_sukhotinelfinder
7.x-0.6:x
alexey_sukhotinelfinder
7.x-0.7:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0237.html
http://osvdb.org/92533
https://drupal.org/node/1972082
https://drupal.org/node/1972084
https://drupal.org/node/1972942
https://exchange.xforce.ibmcloud.com/vulnerabilities/83651
http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0237.html
http://osvdb.org/92533
https://drupal.org/node/1972082
https://drupal.org/node/1972084
https://drupal.org/node/1972942
https://exchange.xforce.ibmcloud.com/vulnerabilities/83651