1
Candidate: CVE-2015-6660
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6660
5
https://www.drupal.org/SA-CORE-2015-003
7
The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not
8
properly validate the form token, which allows remote attackers to conduct
9
CSRF attacks that upload files in a different user's account via vectors
10
related to "file upload value callbacks."
15
Discovered-by: Abdullah Hussam
19
upstream_drupal6: released (6.37)
20
precise_drupal6: ignored (reached end-of-life)
21
precise/esm_drupal6: DNE (precise was needed)
24
vivid/stable-phone-overlay_drupal6: DNE
25
vivid/ubuntu-core_drupal6: DNE
35
upstream_drupal7: released (7.39-1)
36
precise_drupal7: ignored (reached end-of-life)
37
precise/esm_drupal7: DNE (precise was needed)
38
trusty_drupal7: needed
39
vivid_drupal7: released (7.32-1+deb8u5build0.15.04.1)
40
vivid/stable-phone-overlay_drupal7: DNE
41
vivid/ubuntu-core_drupal7: DNE
42
wily_drupal7: ignored (reached end-of-life)
43
xenial_drupal7: needed
44
yakkety_drupal7: ignored (reached end-of-life)
45
zesty_drupal7: ignored (reached end-of-life)
46
artful_drupal7: needed