Vulnerability Details : CVE-2012-2341
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files.
Vulnerability category: Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2012-2341
Probability of exploitation activity in the next 30 days: 0.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 %
CVSS scores for CVE-2012-2341
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2012-2341
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2341
- http://drupal.org/node/1243604
  take_control 6.x-2.2 | Drupal.org
- http://www.openwall.com/lists/oss-security/2012/05/11/2
  oss-security - Re: CVE Request for Drupal contributed modules - 2012-05-10
- http://www.openwall.com/lists/oss-security/2012/06/14/3
  oss-security - Re: CVE Request for Drupal contributed modules
- http://www.securityfocus.com/bid/53452
  Drupal Take Control Module Cross Site Request Forgery Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75504
  Take Control module for Drupal Ajax calls cross-site request forgery CVE-2012-2341 Vulnerability Report
- http://drupal.org/node/1569512
  SA-CONTRIB-2012-075 - Take Control - Cross Site Request Forgery (CSRF) | Drupal.org
- http://www.openwall.com/lists/oss-security/2012/05/10/6
  oss-security - CVE Request for Drupal contributed modules - 2012-05-10
- http://www.openwall.com/lists/oss-security/2012/06/15/6
  oss-security - Re: CVE Request for Drupal contributed modules
Products affected by CVE-2012-2341
- cpe:2.3:a:rahul_singla:take_control:6.x-2.x:*:*:*:*:*:*:*
- cpe:2.3:a:rahul_singla:take_control:6.x-1.x:*:*:*:*:*:*:*
- cpe:2.3:a:rahul_singla:take_control:6.x-2.0:beta3:*:*:*:*:*:*