Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-1482
Last Modified 21 Jun 2011 10:54:04
Published 20 Jun 2011 10:52:42
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1482

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.

Vulnerable Systems

Application

  • Phpnuke Php-nuke 5.0

  • Phpnuke Php-nuke 5.0.1

  • Phpnuke Php-nuke 5.1

  • Phpnuke Php-nuke 5.2

  • Phpnuke Php-nuke 5.3

  • Phpnuke Php-nuke 5.3.1

  • Phpnuke Php-nuke 5.4

  • Phpnuke Php-nuke 5.5

  • Phpnuke Php-nuke 5.6

  • Phpnuke Php-nuke 6.0

  • Phpnuke Php-nuke 6.5

  • Phpnuke Php-nuke 6.6

  • Phpnuke Php-nuke 6.7

  • Phpnuke Php-nuke 6.8

  • Phpnuke Php-nuke 6.9

  • Phpnuke Php-nuke 7.0

  • Phpnuke Php-nuke 7.1

  • Phpnuke Php-nuke 7.2

  • Phpnuke Php-nuke 7.3

  • Phpnuke Php-nuke 7.4

  • Phpnuke Php-nuke 7.5

  • Phpnuke Php-nuke 7.6

  • Phpnuke Php-nuke 7.7

  • Phpnuke Php-nuke 7.8

  • Phpnuke Php-nuke 7.9

  • Phpnuke Php-nuke 8.0


References

MISC - http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_request_forgery

MLIST - [oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability

MLIST - [oss-security] 20110323 CVE Request: PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability


Last Updated: 27 May 2016 10:56:21