CVE-2015-4379

Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
webform_multiple_file_upload_projectwebform_multiple_file_upload
6.x-1.0:x
webform_multiple_file_upload_projectwebform_multiple_file_upload
6.x-1.1:x
webform_multiple_file_upload_projectwebform_multiple_file_upload
6.x-1.2:x
webform_multiple_file_upload_projectwebform_multiple_file_upload
7.x-1.2:x
webform_multiple_file_upload_projectwebform_multiple_file_upload
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74343
https://www.drupal.org/node/2459031
https://www.drupal.org/node/2459035
https://www.drupal.org/node/2459323
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74343
https://www.drupal.org/node/2459031
https://www.drupal.org/node/2459035
https://www.drupal.org/node/2459323