CVE-2012-0997

Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.

Published : 2012-02-24 13:55 Updated : 2012-02-24 05:00

6.8
CVSS Score More info
Score 6.8 / 10
6.8
Vendor Product Version URI
11in1 11in1 1.2.1 cpe:/a:11in1:11in1:1.2.1:stable_12-31-2011
  1. 11in1 (1) Search CVE
    1. 11in1 (1) Search CVE
      1. 1.2.1

CWE

ID Name Description Links
CWE-352 Cross-Site Request Forgery (CSRF) The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. CVE

Reference

History of changes

Date Event
2012-02-24 13:55

New CVE