Description

Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.

Remediation

References

CVE-2011-0535

Related Vulnerabilities

WordPress Plugin Widget Shortcode Cross-Site Scripting (0.3.5)

Apache Tomcat Improper Authentication Vulnerability (CVE-2012-5887)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43708)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23209)

Oracle Application Server Other Vulnerability (CVE-2002-0656)

Severity

Medium

Classification

CVE-2011-0535 CWE-352

Tags

Missing Update Known Vulnerabilities