Published: 24/02/2012 Updated: 24/02/2012
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote malicious users to hijack the authentication of administrators for requests that add new topics via an addTopic action.


source: www.securityfocus.com/bid/52025/info

11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or ...

Mailing Lists

11in1 version 1.2.1 stable 12-31-2011 suffers from cross-site request forgery and local file inclusion vulnerabilities ...