Description

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.

Remediation

References

CVE-2012-1297

Related Vulnerabilities

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Cross-Site Scripting (2.9.17)

Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4045)

Oracle Database Server CVE-2007-5510 Vulnerability (CVE-2007-5510)

PHP Improper Certificate Validation Vulnerability (CVE-2015-3152)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-8235)

Severity

Medium

Classification

CVE-2012-1297 CWE-352

Tags

Missing Update Known Vulnerabilities