Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Drupal Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2015-6660 - Vulnerability Database
Drupal

Drupal Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2015-6660

Medium
Reference: CVE-2015-6660
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-6660
Title: Drupal Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token which allows remote attackers to conduct CSRF attacks that upload files in a different user39s account via vectors related to quotfile upload value callbacks.quot