Lucene search
MitreCVE-2012-0997HistoryFeb 24, 2012 - 1:55 p.m.
CVE-2012-0997
2012-02-2413:55:02
CWE-352
mitre
web.nvd.nist.gov
43
cve-2012-0997
csrf
vulnerability
admin/index.php
11in1
hijack authentication
addtopic action
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.004
Percentile
72.3%
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.
Affected configurations
Node
11in111in1Match1.2.1stable_12-31-2011
References
Related
nvd
nvd
CVE-2012-0997
2012-02-24 13:55:02
prion
prion
Cross site request forgery (csrf)
2012-02-24 13:55:00
cvelist
cvelist
CVE-2012-0997
2012-02-20 19:00:00
exploitdb
exploitdb
11in1 CMS 1.2.1 - Cross-Site Request Forgery (Admin Password)
2012-02-15 00:00:00
securityvulns
securityvulns
Multiple vulnerabilities in 11in1
2012-02-22 00:00:00
packetstorm
packetstorm
htbridge
htbridge
Multiple vulnerabilities in 11in1
2012-01-25 00:00:00
openvas
openvas
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
2012-02-16 00:00:00
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
2012-02-16 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.004
Percentile
72.3%
Related for CVE-2012-0997