2 matches found
CVE-2013-1972
The CVE-2013-1972 entry maps to Drupal-contributed elFinder file manager module vulnerabilities: CSRF in elFinder 6.x-0.x (before 6.x-0.8) and 7.x-0.x (before 7.x-0.8) could allow remote attackers to hijack user sessions and create, modify, or delete files via unknown vectors. A Drupal SA-CONTRIB...
SA-CONTRIB-2013-044 - elFinder file manager - Cross Site Request Forgery (CSRF)
The elfinder module provides an AJAX-based file manager based on the elFinder javascript library. The module doesn't sufficiently verify requests thereby exposing a Cross Site Request Forgery CSRF vulnerability. This would enable an attacker to create, modify, or delete files on the server. There...