Description
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Cross-Site Scripting (2.9.17)
Oracle Database Server CVE-2007-5510 Vulnerability (CVE-2007-5510)
PHP Improper Certificate Validation Vulnerability (CVE-2015-3152)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-8235)