Описание
Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- Permissions Required
- Tool SignatureVDB Entry
- PatchThird Party Advisory
- Third Party Advisory
- Permissions Required
- Tool SignatureVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:e-publish_project:e-publish:5.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:e-publish_project:e-publish:5.x-1.x:dev:*:*:*:drupal:*:*
cpe:2.3:a:e-publish_project:e-publish:6.x-1.x:dev:*:*:*:drupal:*:*
EPSS
Процентиль: 53%
0.00301
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
почти 4 года назад
Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.
EPSS
Процентиль: 53%
0.00301
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352