Description

Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.

Remediation

References

CVE-2011-0535

Related Vulnerabilities

Squid Other Vulnerability (CVE-2016-4556)

WordPress Plugin RapidLoad Power-Up for Autoptimize Multiple Vulnerabilities (1.7.1)

WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Cross-Site Scripting (3.1.2)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4292)

Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-34798)

Severity

Medium

Classification

CVE-2011-0535 CWE-352

Tags

Missing Update Known Vulnerabilities