Zikula CMS CSRF Vulnerability Network Vulnerability

Summary

This host is running Zikula and is prone to cross-site request forgery vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary commands in the context of affected site. Impact Level: Application.

Solution

Upgrade to the Zikula version 1.2.5 For updates refer to http://zikula.org/

Insight

The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for majority of administrator functions such as adding new user, assigning user to administrative privilege.

Affected

Zikula version 1.2.4 and prior

References

http://packetstormsecurity.org/files/view/98060/zikulacms-xsrf.txt
http://securityreason.com/exploitalert/9921
http://www.exploit-db.com/exploits/16097/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0535, CVE-2011-0911
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
Ampache Reflected Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
Apache Struts Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities