CVE-2012-1297
published 2012-03-19

Priority P4 · 31 · medium · 6.8 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.08% (60.8th percentile)

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.

Affected

93 ranges

Vendor   Product      Version range   Fixed in
contao   contao_cms   <= 2.11.0