CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-2341
https://notcve.org/view.php?id=CVE-2012-2341
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo Take Control v6.x-2.x antes de v6.x-2.2 para Drupal, permite a atacantes remotos secuestrar la autenticación de usuarios no especificados en peticiones AJAX que manipulan ficheros. • http://drupal.org/node/1243604 http://drupal.org/node/1569512 http://secunia.com/advisories/49060 http://www.openwall.com/lists/oss-security/2012/05/10/6 http://www.openwall.com/lists/oss-security/2012/05/11/2 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.openwall.com/lists/oss-security/2012/06/15/6 http://www.securityfocus.com/bid/53452 https://exchange.xforce.ibmcloud.com/vulnerabilities/75504 • CWE-352: Cross-Site Request Forgery (CSRF) •