CVE-2015-4379

EUVD-2015-4402
Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
webform_multiple_file_upload_projectwebform_multiple_file_upload
6.x-1.0:x
webform_multiple_file_upload_projectwebform_multiple_file_upload
6.x-1.1:x
webform_multiple_file_upload_projectwebform_multiple_file_upload
6.x-1.2:x
webform_multiple_file_upload_projectwebform_multiple_file_upload
7.x-1.2:x
webform_multiple_file_upload_projectwebform_multiple_file_upload
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74343
https://www.drupal.org/node/2459031
https://www.drupal.org/node/2459035
https://www.drupal.org/node/2459323
http://www.openwall.com/lists/oss-security/2015/04/25/6
http://www.securityfocus.com/bid/74343
https://www.drupal.org/node/2459031
https://www.drupal.org/node/2459035
https://www.drupal.org/node/2459323