Description
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21451 Vulnerability (CVE-2022-21451)
WordPress Plugin BulletProof Security Multiple Vulnerabilities (.51)
OpenSSL Out-of-bounds Write Vulnerability (CVE-2016-2182)
MySQL CVE-2019-2584 Vulnerability (CVE-2019-2584)
WordPress Plugin JetWidgets For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.0.8)