Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1297

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-1297
Last Modified 20 Mar 2012 12:00:00
Published 19 Mar 2012 02:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1297

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.

Vulnerable Systems

Application

  • Contao Cms 2.0

  • Contao Cms 2.1.0

  • Contao Cms 2.1.1

  • Contao Cms 2.1.10

  • Contao Cms 2.1.11

  • Contao Cms 2.1.12

  • Contao Cms 2.1.13

  • Contao Cms 2.1.14

  • Contao Cms 2.1.15

  • Contao Cms 2.1.16

  • Contao Cms 2.1.17

  • Contao Cms 2.1.18

  • Contao Cms 2.1.19

  • Contao Cms 2.1.2

  • Contao Cms 2.1.20

  • Contao Cms 2.1.3

  • Contao Cms 2.1.4

  • Contao Cms 2.1.5

  • Contao Cms 2.1.6

  • Contao Cms 2.1.7

  • Contao Cms 2.1.8

  • Contao Cms 2.1.9

  • Contao Cms 2.10.

  • Contao Cms 2.10.0

  • Contao Cms 2.10.1

  • Contao Cms 2.10.2

  • Contao Cms 2.10.3

  • Contao Cms 2.10.4

  • Contao Cms 2.11.0

  • Contao Cms 2.2.0

  • Contao Cms 2.2.1

  • Contao Cms 2.2.10

  • Contao Cms 2.2.11

  • Contao Cms 2.2.12

  • Contao Cms 2.2.2

  • Contao Cms 2.2.3

  • Contao Cms 2.2.4

  • Contao Cms 2.2.5

  • Contao Cms 2.2.6

  • Contao Cms 2.2.7

  • Contao Cms 2.2.8

  • Contao Cms 2.2.9

  • Contao Cms 2.3.0

  • Contao Cms 2.3.1

  • Contao Cms 2.3.2

  • Contao Cms 2.3.3

  • Contao Cms 2.3.4

  • Contao Cms 2.4

  • Contao Cms 2.4.0

  • Contao Cms 2.4.1

  • Contao Cms 2.4.2

  • Contao Cms 2.4.3

  • Contao Cms 2.4.4

  • Contao Cms 2.4.5

  • Contao Cms 2.4.6

  • Contao Cms 2.4.7

  • Contao Cms 2.5

  • Contao Cms 2.5.0

  • Contao Cms 2.5.1

  • Contao Cms 2.5.2

  • Contao Cms 2.5.3

  • Contao Cms 2.5.4

  • Contao Cms 2.5.5

  • Contao Cms 2.5.6

  • Contao Cms 2.5.7

  • Contao Cms 2.5.8

  • Contao Cms 2.5.9

  • Contao Cms 2.6

  • Contao Cms 2.6.0

  • Contao Cms 2.6.1

  • Contao Cms 2.6.2

  • Contao Cms 2.6.3

  • Contao Cms 2.6.4

  • Contao Cms 2.6.5

  • Contao Cms 2.6.6

  • Contao Cms 2.6.7

  • Contao Cms 2.6.8

  • Contao Cms 2.7

  • Contao Cms 2.7.0

  • Contao Cms 2.7.1

  • Contao Cms 2.7.2

  • Contao Cms 2.7.3

  • Contao Cms 2.7.4

  • Contao Cms 2.7.5

  • Contao Cms 2.7.6

  • Contao Cms 2.7.7

  • Contao Cms 2.8

  • Contao Cms 2.8.0

  • Contao Cms 2.8.1

  • Contao Cms 2.8.2

  • Contao Cms 2.8.3

  • Contao Cms 2.8.4

  • Contao Cms 2.9

  • Contao Cms 2.9.0

  • Contao Cms 2.9.1

  • Contao Cms 2.9.2

  • Contao Cms 2.9.3

  • Contao Cms 2.9.4

  • Contao Cms 2.9.5


References

XF - contao-newsletter-csrf(73479)

EXPLOIT-DB - 18527

SECUNIA - 48180

MISC - http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html

MISC - http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html


Last Updated: 27 May 2016 10:47:10