What is the severity of CVE-2024-13293?

CVE-2024-13293 is classified as a high severity Cross-Site Request Forgery (CSRF) vulnerability.

How do I fix CVE-2024-13293?

To fix CVE-2024-13293, upgrade to POST File version 1.0.2 or later.

Which versions of Drupal POST File are affected by CVE-2024-13293?

CVE-2024-13293 affects Drupal POST File versions from 0.0.0 up to, but not including, 1.0.2.

What impact does CVE-2024-13293 have?

CVE-2024-13293 could allow attackers to perform unauthorized actions on behalf of users without their consent.

Is CVE-2024-13293 an exploitation risk for existing Drupal installations?

Yes, if your Drupal installation uses affected versions of POST File, it is at risk for exploitation due to CVE-2024-13293.

Vulnerability/
CVE-2024-13293

low

3.1

CWE

352

9/1/2025

10/1/2025

CVE-2024-13293: POST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059

First published: Thu Jan 09 2025(Updated: )

Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2.

Credit: mlhess@drupal.org

Affected Software	Affected Version	How to fix
Drupal POST File	>0.0.0<=1.0.2

Never miss a vulnerability like this again

Reference Links

https://www.drupal.org/sa-contrib-2024-059

Frequently Asked Questions

What is the severity of CVE-2024-13293?
CVE-2024-13293 is classified as a high severity Cross-Site Request Forgery (CSRF) vulnerability.
How do I fix CVE-2024-13293?
To fix CVE-2024-13293, upgrade to POST File version 1.0.2 or later.
Which versions of Drupal POST File are affected by CVE-2024-13293?
CVE-2024-13293 affects Drupal POST File versions from 0.0.0 up to, but not including, 1.0.2.
What impact does CVE-2024-13293 have?
CVE-2024-13293 could allow attackers to perform unauthorized actions on behalf of users without their consent.
Is CVE-2024-13293 an exploitation risk for existing Drupal installations?
Yes, if your Drupal installation uses affected versions of POST File, it is at risk for exploitation due to CVE-2024-13293.

agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/author
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2024-13293?
CVE-2024-13293 is classified as a high severity Cross-Site Request Forgery (CSRF) vulnerability.
How do I fix CVE-2024-13293?
To fix CVE-2024-13293, upgrade to POST File version 1.0.2 or later.
Which versions of Drupal POST File are affected by CVE-2024-13293?
CVE-2024-13293 affects Drupal POST File versions from 0.0.0 up to, but not including, 1.0.2.
What impact does CVE-2024-13293 have?
CVE-2024-13293 could allow attackers to perform unauthorized actions on behalf of users without their consent.
Is CVE-2024-13293 an exploitation risk for existing Drupal installations?
Yes, if your Drupal installation uses affected versions of POST File, it is at risk for exploitation due to CVE-2024-13293.