Lucene search

[email protected]CVE-2011-4452

HistorySep 05, 2012 - 8:55 p.m.

CVE-2011-4452

2012-09-0520:55:00

CWE-352

[email protected]

web.nvd.nist.gov

775

cve-2011-4452

cross-site request forgery

csrf

wikkawiki

adminusers

vulnerability

nvd

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.0%

JSON

Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{image}} action.

CPENameOperatorVersion
wikkawiki:wikkawikiwikkawikieq1.3.2
wikkawiki:wikkawikiwikkawikieq1.3.1

CPE	Name	Operator	Version
wikkawiki:wikkawiki	wikkawiki	eq	1.3.2
wikkawiki:wikkawiki	wikkawiki	eq	1.3.1

References

wush.net/trac/wikka/changeset/1819

wush.net/trac/wikka/changeset/1832

wush.net/trac/wikka/ticket/1097

wush.net/trac/wikka/ticket/1098

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2011-4452

prion1 packetstorm1 seebug2 exploitpack1 securityvulns1 exploitdb1