CSRF Vulnerability in Drupal Form API by Drupal Association
CVE-2015-6660

Currently unrated

Key Information:

Vendor

Drupal
Status
Drupal
Vendor
CVE Published:
24 August 2015

What is CVE-2015-6660?

The Form API in Drupal versions prior to 6.37 and 7.39 lacks proper validation of form tokens, which exposes the system to CSRF attacks. This vulnerability could allow attackers to upload files within the context of another user’s account by exploiting weaknesses in file upload value callbacks. Consequently, unauthorized actions may be executed, compromising the integrity and security of user accounts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://www.securitytracker.com/id/1033358
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.