SA-CONTRIB-2013-044 - elFinder file manager - Cross Site Request Forgery (CSRF)
The elfinder module provides an AJAX-based file manager based on the elFinder javascript library. The module doesn't sufficiently verify requests thereby exposing a Cross Site Request Forgery CSRF vulnerability. This would enable an attacker to create, modify, or delete files on the server. There...