Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0545

CWE-352 — Cross-Site Request Forgery (CSRF)6 documents6 sources

Severity

6.8MEDIUM

EPSS

4.1%

top 11.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Liveupdate Administrator

Timeline

PublishedMar 28

Latest updateMay 14

Description

Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDsymantec/liveupdate_administrator2.2.2.9

🔴Vulnerability Details

GHSA

GHSA-3q8f-9qwv-4cxw: Cross-site request forgery (CSRF) vulnerability in adduser↗2022-05-14

▶

CVEList

CVE-2011-0545: Cross-site request forgery (CSRF) vulnerability in adduser↗2011-03-28

▶

💥Exploits & PoCs

Exploit-DB

Symantec LiveUpdate Administrator Management GUI - HTML Injection↗2011-03-23

▶

📋Vendor Advisories

Red Hat

Squid: Denial of service due internal error in string handling (SQUID-2010:3)↗2010-09-03

▶

💬Community

Bugzilla

CVE-2011-0432 pywebdav: SQL injection due improper escaping of user credentials [epel-6]↗2011-02-22

▶