CVE-2011-0535

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-0535
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html Exploit
http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG
http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released
http://openwall.com/lists/oss-security/2011/02/01/1 Exploit
http://openwall.com/lists/oss-security/2011/02/03/1 Exploit
http://seclists.org/fulldisclosure/2011/Feb/0 Exploit
http://secunia.com/advisories/43114 Vendor Advisory
http://securityreason.com/securityalert/8067
http://www.osvdb.org/70751
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.2.3:*:*:*:*:*:*:*
History

No history.

Information

Published : 2011-02-08 22:00

Updated : 2024-02-04 17:54

NVD link : CVE-2011-0535

Mitre link : CVE-2011-0535

CVE.ORG link : CVE-2011-0535

JSON object : View

Products Affected

zikula

  • zikula_application_framework
CWE
CWE-352

Cross-Site Request Forgery (CSRF)