Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-6660

Опубликовано: 24 авг. 2015
Источник: debian
EPSS Низкий

Описание

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."

Пакеты

ПакетСтатусВерсия исправленияРелизТип
drupal7fixed7.39-1package
drupal6removedpackage
drupal6end-of-lifesqueezepackage

Примечания

  • https://www.drupal.org/SA-CORE-2015-003

  • https://www.openwall.com/lists/oss-security/2015/08/21/5

EPSS

Процентиль: 64%
0.00478
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-6660

ubuntu
почти 10 лет назад

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."

nvd логотип

CVE-2015-6660

nvd
почти 10 лет назад

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."

github логотип

GHSA-vfw4-2ffw-69gw

github
около 3 лет назад

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."

EPSS

Процентиль: 64%
0.00478
Низкий