CVE-2013-1972

Published Jun 24, 2013

Last updated 7 years ago

Overview

Description: Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:alexey_sukhotin:elfinder:6.x-0.4-beta1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC3E2A46-23C5-4B79-AAFF-F8CBB95284D2"
          },
          {
            "criteria": "cpe:2.3:a:alexey_sukhotin:elfinder:6.x-0.4-beta3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BA1FD56-58E0-430C-B080-FAC0439F5C1F"
          },
          {
            "criteria": "cpe:2.3:a:alexey_sukhotin:elfinder:6.x-0.5-beta2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98F97B22-30B9-44B9-AC98-CFBBD91C7C59"
          },
          {
            "criteria": "cpe:2.3:a:alexey_sukhotin:elfinder:6.x-0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "150B4DF8-EAA3-463D-A1DD-4CB632B571F9"
          },
          {
            "criteria": "cpe:2.3:a:alexey_sukhotin:elfinder:6.x-0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0241D9D-8CC0-447C-9757-C00BCAD39958"
          },
          {
            "criteria": "cpe:2.3:a:alexey_sukhotin:elfinder:7.x-0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "013BB5F6-A4BF-4836-82D6-292CBE4FD379"
          },
          {
            "criteria": "cpe:2.3:a:alexey_sukhotin:elfinder:7.x-0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "348D56F6-BDC6-4212-ACEA-17B1AB2FC3E4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References