11in1 Cross Site Request Forgery And Local File Include Vulnerabilities Network Vulnerability

Summary

11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the affected application. 11in1 1.2.1 is vulnerable other versions may also be affected.

References

http://www.11in1.org/
http://www.securityfocus.com/archive/1/521660
http://www.securityfocus.com/bid/52025

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0996, CVE-2012-0997
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache CouchDB Cross Site Request Forgery Vulnerability
Apache Solr Directory Traversal Vulnerability Jan-14
Apache Struts Directory Traversal Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities

Take action and discover your vulnerabilities