CVE-2011-0535
Published 2011-02-08
Priority: P4 · 31 · medium · 6.8 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit likelihood (EPSS): 1.43%, 69.8th percentile
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
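The bug class described above (a privilege-changing action on index.php honoured on the strength of the administrator's session cookie alone) and the usual fix, the synchronizer-token pattern plus an Origin check, as an added Python example. This is illustrative code, not Zikula's: the action name "edit_permissions", the parameter names "target", "role" and "csrftoken", the site origin and the sample requests are all placeholders constructed for the example.

```python
"""Synchronizer-token CSRF protection for a privilege-changing action.

Added example (not Zikula's code): a toy "edit permissions" handler in its
pre-fix shape next to a hardened one.  Action and parameter names
("edit_permissions", "target", "role", "csrftoken") and the site origin are
placeholders chosen for the example, not Zikula's real ones.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

SITE_ORIGIN = "https://cms.example"   # assumed origin of the CMS install


@dataclass
class Session:
    """What the server resolves the browser's session cookie to."""
    user: str
    is_admin: bool
    # One unguessable token per session, embedded in every legitimate form.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    method: str
    params: Dict[str, str]          # query/form fields
    session: Session                # the cookie rides along on cross-site requests too
    origin: Optional[str] = None    # Origin header; absent on some old browsers


def edit_permissions_vulnerable(req: Request, roles: Dict[str, str]) -> bool:
    """Pre-fix shape: trusts the session cookie alone.  A page on another
    origin can make the admin's browser send this request (a link, an image
    tag or an auto-submitted form) and the cookie is attached automatically."""
    if not req.session.is_admin:
        return False
    if req.params.get("action") != "edit_permissions":
        return False
    roles[req.params["target"]] = req.params.get("role", "admin")
    return True


def edit_permissions_hardened(req: Request, roles: Dict[str, str]) -> bool:
    """Same action with the synchronizer-token pattern and an Origin check."""
    if not req.session.is_admin:
        return False
    if req.params.get("action") != "edit_permissions":
        return False
    # 1. State changes only via POST: a bare <img src> or link cannot reach here.
    if req.method != "POST":
        return False
    # 2. The form must echo the per-session token.  A cross-site page cannot
    #    read it (same-origin policy), so it cannot include it.  Constant-time compare.
    supplied = req.params.get("csrftoken", "")
    if not hmac.compare_digest(supplied, req.session.csrf_token):
        return False
    # 3. Defence in depth: when the browser does send Origin, it must be ours.
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return False
    roles[req.params["target"]] = req.params.get("role", "admin")
    return True


def demo() -> Dict[str, bool]:
    """Replay one forged and one legitimate request against both handlers."""
    admin = Session(user="admin", is_admin=True)
    # Constructed attacker request: admin's cookie, but no token and a foreign Origin.
    forged = Request("POST",
                     {"action": "edit_permissions", "target": "mallory", "role": "admin"},
                     admin, origin="https://attacker.example")
    # Constructed legitimate request: same fields plus the token from the real form.
    legit = Request("POST",
                    {"action": "edit_permissions", "target": "bob", "role": "admin",
                     "csrftoken": admin.csrf_token},
                    admin, origin=SITE_ORIGIN)
    return {
        "forged_vulnerable": edit_permissions_vulnerable(forged, {"mallory": "user"}),
        "forged_hardened": edit_permissions_hardened(forged, {"mallory": "user"}),
        "legit_hardened": edit_permissions_hardened(legit, {"bob": "user"}),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'request honoured' if ok else 'request rejected'}")
```

The token check alone closes the hole; the POST-only and Origin rules are cheap extra layers. Note that the token must be compared with a constant-time function and must be bound to the session, not a site-wide secret, otherwise any logged-in user could read one and forge for another.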
Affected (5 ranges listed; only the first carries version data)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zikula | zikula_application_framework | <= 1.2.4 | 1.2.5 |
GHSA
GHSA-4x2p-6cr9-jx6r (ghsa_unreviewed · 2022-05-17): CVE-2011-0535 [MEDIUM] · CWE-352
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
GHSA
GHSA-rx38-v4jx-9vw9 (ghsa_unreviewed · 2022-05-17 · CVSS 6.8): CVE-2011-0911 [MEDIUM] · CWE-79
Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535.
No detection rules found.
Bugzilla
CVE-2011-0911 zikula: XSS vulnerability in Users module (bugzilla · 2011-02-09 · CVSS 6.8 · MEDIUM)
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0911 to the following vulnerability:
Name: CVE-2011-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0911
Assigned: 20110208
Reference: http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released
Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535.
Discussion: Created zikula tracking bugs for this issue
Affects: fedora-all [bug 676457]
Affects: epel-all [bug 676458]
Bugzilla
CVE-2010-4728 CVE-2011-0535 CVE-2011-0911 zikula various flaws [fedora-all] (bugzilla · 2011-02-09 · CVSS 5.0 · CVE-2010-4728 [MEDIUM])
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=676450
Please note: this issue affects multipl
Bugzilla
CVE-2010-4728 CVE-2011-0535 CVE-2011-0911 zikula various flaws [epel-all] (bugzilla · 2011-02-09 · CVSS 5.0 · CVE-2010-4728 [MEDIUM])
Same automatically created tracking-bug text as the fedora-all entry above, including the Bodhi link for bug 676450.
Bugzilla
CVE-2011-0535 zikula: CSRF vulnerability in Users module (bugzilla · 2011-02-09 · CVSS 6.8 · MEDIUM)
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0535 to the following vulnerability:
Name: CVE-2011-0535
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0535
Assigned: 20110120
Reference: http://seclists.org/fulldisclosure/2011/Feb/0
Reference: http://openwall.com/lists/oss-security/2011/02/01/1
Reference: http://openwall.com/lists/oss-security/2011/02/03/1
Reference: http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html
Reference: http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG
Reference: http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released
Reference: http://www.osvdb.org/70751
Reference: http://secunia.com/advi
References
Reference: http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html
Reference: http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG
Reference: http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released
Reference: http://openwall.com/lists/oss-security/2011/02/01/1
Reference: http://openwall.com/lists/oss-security/2011/02/03/1
Reference: http://seclists.org/fulldisclosure/2011/Feb/0
Reference: http://secunia.com/advisories/43114
Reference: http://securityreason.com/securityalert/8067
Reference: http://www.osvdb.org/70751