Description
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2011-0787 Vulnerability (CVE-2011-0787)
MediaWiki Other Vulnerability (CVE-2005-4031)
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.26)
WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (0.9.1)
Piwigo Improper Access Control Vulnerability (CVE-2016-10085)