Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| alexey_sukhotin | elfinder | 6.x-0.4-beta1 |
| alexey_sukhotin | elfinder | 7.x-0.6 |
| alexey_sukhotin | elfinder | 6.x-0.5-beta2 |
| alexey_sukhotin | elfinder | 6.x-0.4-beta3 |
| alexey_sukhotin | elfinder | 6.x-0.6 |
| alexey_sukhotin | elfinder | 7.x-0.7 |
| alexey_sukhotin | elfinder | 6.x-0.7 |