Description

Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.

Remediation

References

CVE-2011-0535

Related Vulnerabilities

WordPress Plugin RSS Post Importer Cross-Site Scripting (2.2.1)

Joomla Other Vulnerability (CVE-2007-4185)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0224)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5447)

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5687)

Severity

Medium

Classification

CVE-2011-0535 CWE-352

Tags

Missing Update Known Vulnerabilities