MidnightBSD

Advisories for alexey_sukhotin

CVE-2013-1972 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
alexey_sukhotin elfinder 6.x-0.4-beta1
alexey_sukhotin elfinder 7.x-0.6
alexey_sukhotin elfinder 6.x-0.5-beta2
alexey_sukhotin elfinder 6.x-0.4-beta3
alexey_sukhotin elfinder 6.x-0.6
alexey_sukhotin elfinder 7.x-0.7
alexey_sukhotin elfinder 6.x-0.7