Description

Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.

Remediation

References

CVE-2011-0535

Related Vulnerabilities

Moodle CVE-2023-5551 Vulnerability (CVE-2023-5551)

WordPress Plugin FV Flowplayer Video Player Cross-Site Request Forgery (7.5.30.7210)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1835)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7076)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5540)

Severity

Medium

Classification

CVE-2011-0535 CWE-352

Tags

Missing Update Known Vulnerabilities