Lucene search

[email protected]NVD:CVE-2011-0748

HistoryApr 13, 2011 - 2:55 p.m.

CVE-2011-0748

2011-04-1314:55:01

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.003

Percentile

71.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.

Affected configurations

Nvd

Node

tincanphplistRange≤2.10.12

tincanphplistMatch1.0

tincanphplistMatch1.0.1

tincanphplistMatch1.1.2b

tincanphplistMatch1.1.3b

tincanphplistMatch1.1.4b

tincanphplistMatch1.1.5

tincanphplistMatch1.1.5b

tincanphplistMatch1.1.6

tincanphplistMatch1.1.7

tincanphplistMatch1.3.5

tincanphplistMatch1.3.7

tincanphplistMatch1.4.1

tincanphplistMatch1.5.0

tincanphplistMatch1.5.1

tincanphplistMatch1.6.0

tincanphplistMatch1.6.1

tincanphplistMatch1.6.3

tincanphplistMatch1.6.4

tincanphplistMatch1.7.0

tincanphplistMatch1.7.1

tincanphplistMatch1.8.0

tincanphplistMatch1.9.0

tincanphplistMatch1.9.1

tincanphplistMatch1.9.2

tincanphplistMatch1.9.3

tincanphplistMatch2.1.0

tincanphplistMatch2.1.1

tincanphplistMatch2.1.3

tincanphplistMatch2.1.4

tincanphplistMatch2.2.0

tincanphplistMatch2.2.1

tincanphplistMatch2.3.0

tincanphplistMatch2.3.1

tincanphplistMatch2.3.2

tincanphplistMatch2.3.3

tincanphplistMatch2.3.4

tincanphplistMatch2.4.0

tincanphplistMatch2.4.7

tincanphplistMatch2.5.0

tincanphplistMatch2.5.1

tincanphplistMatch2.5.2

tincanphplistMatch2.5.3

tincanphplistMatch2.5.4

tincanphplistMatch2.5.5

tincanphplistMatch2.5.6

tincanphplistMatch2.5.7

tincanphplistMatch2.5.8

tincanphplistMatch2.6

tincanphplistMatch2.6.0

tincanphplistMatch2.6.1

tincanphplistMatch2.6.2

tincanphplistMatch2.6.3

tincanphplistMatch2.6.4

tincanphplistMatch2.6.5

tincanphplistMatch2.7.1

tincanphplistMatch2.7.2

tincanphplistMatch2.8.2

tincanphplistMatch2.8.7

tincanphplistMatch2.8.12

tincanphplistMatch2.9.3

tincanphplistMatch2.9.4

tincanphplistMatch2.9.5

tincanphplistMatch2.10.1

tincanphplistMatch2.10.2

tincanphplistMatch2.10.3

tincanphplistMatch2.10.4

tincanphplistMatch2.10.5

tincanphplistMatch2.10.6

tincanphplistMatch2.10.7

tincanphplistMatch2.10.8

tincanphplistMatch2.10.9

tincanphplistMatch2.10.10

tincanphplistMatch2.10.11

VendorProductVersionCPE
tincanphplist*cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*
tincanphplist1.0cpe:2.3:a:tincan:phplist:1.0:*:*:*:*:*:*:*
tincanphplist1.0.1cpe:2.3:a:tincan:phplist:1.0.1:*:*:*:*:*:*:*
tincanphplist1.1.2bcpe:2.3:a:tincan:phplist:1.1.2b:*:*:*:*:*:*:*
tincanphplist1.1.3bcpe:2.3:a:tincan:phplist:1.1.3b:*:*:*:*:*:*:*
tincanphplist1.1.4bcpe:2.3:a:tincan:phplist:1.1.4b:*:*:*:*:*:*:*
tincanphplist1.1.5cpe:2.3:a:tincan:phplist:1.1.5:*:*:*:*:*:*:*
tincanphplist1.1.5bcpe:2.3:a:tincan:phplist:1.1.5b:*:*:*:*:*:*:*
tincanphplist1.1.6cpe:2.3:a:tincan:phplist:1.1.6:*:*:*:*:*:*:*
tincanphplist1.1.7cpe:2.3:a:tincan:phplist:1.1.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tincan	phplist	*	cpe:2.3:a:tincan:phplist::::::::
tincan	phplist	1.0	cpe:2.3:a:tincan:phplist:1.0:::::::*
tincan	phplist	1.0.1	cpe:2.3:a:tincan:phplist:1.0.1:::::::*
tincan	phplist	1.1.2b	cpe:2.3:a:tincan:phplist:1.1.2b:::::::*
tincan	phplist	1.1.3b	cpe:2.3:a:tincan:phplist:1.1.3b:::::::*
tincan	phplist	1.1.4b	cpe:2.3:a:tincan:phplist:1.1.4b:::::::*
tincan	phplist	1.1.5	cpe:2.3:a:tincan:phplist:1.1.5:::::::*
tincan	phplist	1.1.5b	cpe:2.3:a:tincan:phplist:1.1.5b:::::::*
tincan	phplist	1.1.6	cpe:2.3:a:tincan:phplist:1.1.6:::::::*
tincan	phplist	1.1.7	cpe:2.3:a:tincan:phplist:1.1.7:::::::*

Rows per page:

1-10 of 741

References

int21.de/cve/CVE-2011-0748-phplist.html

osvdb.org/78549

secunia.com/advisories/44041

securityreason.com/securityalert/8199

www.exploit-db.com/exploits/18419

www.phplist.com/?lid=516

www.securityfocus.com/archive/1/517400/100/0/threaded

www.securityfocus.com/bid/51681

exchange.xforce.ibmcloud.com/vulnerabilities/72746

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.003

Percentile

71.0%

JSON

Related for NVD:CVE-2011-0748

cve2 prion2 cvelist2 securityvulns1 nvd1 exploitdb1