Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-4452
Last Modified: 06 Sep 2012 09:08:18
Published: 05 Sep 2012 04:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-4452

Summary

Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.

Vulnerable Systems

Application

  • WikkaWiki 1.3.1
  • WikkaWiki 1.3.2


References

CONFIRM - http://wush.net/trac/wikka/ticket/1098

CONFIRM - http://wush.net/trac/wikka/ticket/1097

CONFIRM - http://wush.net/trac/wikka/changeset/1832

CONFIRM - http://wush.net/trac/wikka/changeset/1819


Last Updated: 27 May 2016 11:00:28