7 matches found
3 Popular Drupal Modules Found Vulnerable — Patch Released
Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution RCE bugs that could allow attackers to fully take over any affected site. Below are the three separate Drup...
Drupal Patches Three Remote Code Execution Vulnerabilities in Modules
Developers with the open source content management framework Drupal today patched a series of highly critical remote code execution bugs in three separate modules. If exploited, the bugs could let an attacker take over any site running the modules. Fixes for pushed for RESTful Web Services, a...
CVE-2015-4379
Cross-site request forgery CSRF vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors...
CVE-2015-4379
CVE-2015-4379 affects the Drupal Webform Multiple File Upload module (versions 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3). The underlying issue is a CSRF vulnerability that allows remote attackers to hijack the authentication of certain users to perform file-deletion actions via unspe...
CVE-2015-4379
Cross-site request forgery CSRF vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors...
Webform Multiple File Upload - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-083
Webform Multiple File Upload module enables you to upload multiple files at once in webforms. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause a user with edit access to webforms to delete files by getting their browser to make a request to a...