Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-6660

Опубликовано: 24 авг. 2015
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8

Описание

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
artful

ignored

end of life
bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

esm-apps/xenial

not-affected

7.44-1ubuntu1~16.04.0
esm-infra-legacy/trusty

needed

esm-infra/focal

DNE

focal

DNE

jammy

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 64%
0.00478
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2015-6660

nvd
почти 10 лет назад

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."

debian логотип

CVE-2015-6660

debian
почти 10 лет назад

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not pr ...

github логотип

GHSA-vfw4-2ffw-69gw

github
около 3 лет назад

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."

EPSS

Процентиль: 64%
0.00478
Низкий

6.8 Medium

CVSS2