Lucene search

[email protected]CVE-2011-0535

HistoryFeb 08, 2011 - 10:00 p.m.

CVE-2011-0535

2011-02-0822:00:01

CWE-352

[email protected]

web.nvd.nist.gov

cve-2011-0535

csrf

vulnerability

zikula

authentication

administrators

access privileges

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.028 Low

EPSS

Percentile

90.8%

JSON

Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.

Affected configurations

NVD

Node

zikulazikula_application_frameworkRange≤1.2.4

zikulazikula_application_frameworkMatch1.1.2

zikulazikula_application_frameworkMatch1.2.1

zikulazikula_application_frameworkMatch1.2.2

zikulazikula_application_frameworkMatch1.2.3

CPENameOperatorVersion
zikula:zikula_application_frameworkzikula zikula application frameworkle1.2.4
zikula:zikula_application_frameworkzikula zikula application frameworkeq1.1.2
zikula:zikula_application_frameworkzikula zikula application frameworkeq1.2.1
zikula:zikula_application_frameworkzikula zikula application frameworkeq1.2.2
zikula:zikula_application_frameworkzikula zikula application frameworkeq1.2.3

CPE	Name	Operator	Version
zikula:zikula_application_framework	zikula zikula application framework	le	1.2.4
zikula:zikula_application_framework	zikula zikula application framework	eq	1.1.2
zikula:zikula_application_framework	zikula zikula application framework	eq	1.2.1
zikula:zikula_application_framework	zikula zikula application framework	eq	1.2.2
zikula:zikula_application_framework	zikula zikula application framework	eq	1.2.3

References

bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html

code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG

community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released

openwall.com/lists/oss-security/2011/02/01/1

openwall.com/lists/oss-security/2011/02/03/1

seclists.org/fulldisclosure/2011/Feb/0

secunia.com/advisories/43114

securityreason.com/securityalert/8067

www.osvdb.org/70751

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.028 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2011-0535

nvd2 cvelist2 prion2 openvas2 cve1