Description
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
Remediation
References