Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-5011
Last Modified: 07 Jan 2014 11:24:51
Published: 24 Dec 2011 08:55:04
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-5011

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php.

Vulnerable Systems

Application

  • Xt-commerce xt:Commerce 3.0.4

References

XF - xtcommerce-customers-accounting-csrf(71642)

SECUNIA - 47032

OSVDB - 77498

MISC - http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html

MISC - http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.html
Last Updated: 27 May 2016 10:57:58