Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-0748
Last Modified 02 Oct 2012 11:15:14
Published 13 Apr 2011 10:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0748

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.

Vulnerable Systems

Application

  • Tincan Phplist 1.0

  • Tincan Phplist 1.0.1

  • Tincan Phplist 1.1.2b

  • Tincan Phplist 1.1.3b

  • Tincan Phplist 1.1.4b

  • Tincan Phplist 1.1.5

  • Tincan Phplist 1.1.5b

  • Tincan Phplist 1.1.6

  • Tincan Phplist 1.1.7

  • Tincan Phplist 1.3.5

  • Tincan Phplist 1.3.7

  • Tincan Phplist 1.4.1

  • Tincan Phplist 1.5.0

  • Tincan Phplist 1.5.1

  • Tincan Phplist 1.6.0

  • Tincan Phplist 1.6.1

  • Tincan Phplist 1.6.3

  • Tincan Phplist 1.6.4

  • Tincan Phplist 1.7.0

  • Tincan Phplist 1.7.1

  • Tincan Phplist 1.8.0

  • Tincan Phplist 1.9.0

  • Tincan Phplist 1.9.1

  • Tincan Phplist 1.9.2

  • Tincan Phplist 1.9.3

  • Tincan Phplist 2.1.0

  • Tincan Phplist 2.1.1

  • Tincan Phplist 2.1.3

  • Tincan Phplist 2.1.4

  • Tincan Phplist 2.10.1

  • Tincan Phplist 2.10.10

  • Tincan Phplist 2.10.11

  • Tincan Phplist 2.10.12

  • Tincan Phplist 2.10.2

  • Tincan Phplist 2.10.3

  • Tincan Phplist 2.10.4

  • Tincan Phplist 2.10.5

  • Tincan Phplist 2.10.6

  • Tincan Phplist 2.10.7

  • Tincan Phplist 2.10.8

  • Tincan Phplist 2.10.9

  • Tincan Phplist 2.2.0

  • Tincan Phplist 2.2.1

  • Tincan Phplist 2.3.0

  • Tincan Phplist 2.3.1

  • Tincan Phplist 2.3.2

  • Tincan Phplist 2.3.3

  • Tincan Phplist 2.3.4

  • Tincan Phplist 2.4.0

  • Tincan Phplist 2.4.7

  • Tincan Phplist 2.5.0

  • Tincan Phplist 2.5.1

  • Tincan Phplist 2.5.2

  • Tincan Phplist 2.5.3

  • Tincan Phplist 2.5.4

  • Tincan Phplist 2.5.5

  • Tincan Phplist 2.5.6

  • Tincan Phplist 2.5.7

  • Tincan Phplist 2.5.8

  • Tincan Phplist 2.6

  • Tincan Phplist 2.6.0

  • Tincan Phplist 2.6.1

  • Tincan Phplist 2.6.2

  • Tincan Phplist 2.6.3

  • Tincan Phplist 2.6.4

  • Tincan Phplist 2.6.5

  • Tincan Phplist 2.7.1

  • Tincan Phplist 2.7.2

  • Tincan Phplist 2.8.12

  • Tincan Phplist 2.8.2

  • Tincan Phplist 2.8.7

  • Tincan Phplist 2.9.3

  • Tincan Phplist 2.9.4

  • Tincan Phplist 2.9.5


References

BUGTRAQ - 20110407 phplist: cross site request forgery (CSRF), CVE-2011-0748

CONFIRM - http://www.phplist.com/?lid=516

SREASON - 8199

SECUNIA - 44041

MISC - http://int21.de/cve/CVE-2011-0748-phplist.html

XF - phplist-admin-csrf(72746)

BID - 51681

EXPLOIT-DB - 18419

OSVDB - 78549


Last Updated: 27 May 2016 11:00:50