6.8
MEDIUM

CVE-2012-0997

Published: 24/02/2012 Updated: 24/02/2012
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote malicious users to hijack the authentication of administrators for requests that add new topics via an addTopic action.

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Affected Products

Vendor: 11in1 | Product: 11in1 | Versions: 1.2.1

Exploits

source: www.securityfocus.com/bid/52025/info 11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or ...

Mailing Lists

11in1 version 1.2.1 stable 12-31-2011 suffers from cross site request forgery and local file inclusion vulnerabilities ...

References