CVE-2012-1297
Published 2012-03-19
Priority: P4 (31), medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.08% (60.8th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
Affected
93 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contao | contao_cms | <= 2.11.0 | — |
| contao | contao_cms | — | — |
No detection rules found.
No writeups or analysis indexed.
http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html
http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html
http://secunia.com/advisories/48180
http://www.exploit-db.com/exploits/18527
https://exchange.xforce.ibmcloud.com/vulnerabilities/73479
2012-03-19
Published