6.8
MEDIUM

CVE-2012-0997

Published: 24/02/2012 Updated: 24/02/2012
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Affected Products

Vendor | Product | Versions
11in1 | 11in1 | 1.2.1
