CVE-2015-7234

Published: Sep 17, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:P

Exploitability: 4.9 / Impact: 4.9

Source: NVD

Description

The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors.

Affected (2)

Products: Structured Dynamics: Open Semantic Framework

Structured Dynamics

1 product

Open Semantic Framework

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Structured Dynamics Open Semantic Framework	Version 7.x-3.0
Structured Dynamics Open Semantic Framework	Version 7.x-3.x dev

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://cgit.drupalcode.org/osf/commit/?id=35c6e61

Source: cve@mitre.org

https://www.drupal.org/node/2537120

Source: cve@mitre.org

Patch

https://www.drupal.org/node/2537860

Source: cve@mitre.org

PatchVendor Advisory

http://cgit.drupalcode.org/osf/commit/?id=35c6e61

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.drupal.org/node/2537120

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.drupal.org/node/2537860

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.