Lucene search

[email protected]CVE-2012-1297

HistoryMar 19, 2012 - 6:55 p.m.

CVE-2012-1297

2012-03-1918:55:02

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-1297

contao

typolight

csrf

vulnerabilities

main.php

remote attackers

authentication

administrators

delete action

user module

news module

newsletters module

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.

Affected configurations

NVD

Node

contaocontao_cmsRange≤2.11.0

contaocontao_cmsMatch2.0

contaocontao_cmsMatch2.0beta-rc1

contaocontao_cmsMatch2.0beta-rc2

contaocontao_cmsMatch2.0beta-rc3

contaocontao_cmsMatch2.1.0

contaocontao_cmsMatch2.1.1

contaocontao_cmsMatch2.1.2

contaocontao_cmsMatch2.1.3

contaocontao_cmsMatch2.1.4

contaocontao_cmsMatch2.1.5

contaocontao_cmsMatch2.1.6

contaocontao_cmsMatch2.1.7

contaocontao_cmsMatch2.1.8

contaocontao_cmsMatch2.1.9

contaocontao_cmsMatch2.1.10

contaocontao_cmsMatch2.1.11

contaocontao_cmsMatch2.1.12

contaocontao_cmsMatch2.1.13

contaocontao_cmsMatch2.1.14

contaocontao_cmsMatch2.1.15

contaocontao_cmsMatch2.1.16

contaocontao_cmsMatch2.1.17

contaocontao_cmsMatch2.1.18

contaocontao_cmsMatch2.1.19

contaocontao_cmsMatch2.1.20

contaocontao_cmsMatch2.2.0

contaocontao_cmsMatch2.2.1

contaocontao_cmsMatch2.2.2

contaocontao_cmsMatch2.2.3

contaocontao_cmsMatch2.2.4

contaocontao_cmsMatch2.2.5

contaocontao_cmsMatch2.2.6

contaocontao_cmsMatch2.2.7

contaocontao_cmsMatch2.2.8

contaocontao_cmsMatch2.2.9

contaocontao_cmsMatch2.2.10

contaocontao_cmsMatch2.2.11

contaocontao_cmsMatch2.2.12

contaocontao_cmsMatch2.3.0

contaocontao_cmsMatch2.3.1

contaocontao_cmsMatch2.3.2

contaocontao_cmsMatch2.3.3

contaocontao_cmsMatch2.3.4

contaocontao_cmsMatch2.4.0

contaocontao_cmsMatch2.4.0beta

contaocontao_cmsMatch2.4.1

contaocontao_cmsMatch2.4.2

contaocontao_cmsMatch2.4.3

contaocontao_cmsMatch2.4.4

contaocontao_cmsMatch2.4.5

contaocontao_cmsMatch2.4.6

contaocontao_cmsMatch2.4.7

contaocontao_cmsMatch2.5.0

contaocontao_cmsMatch2.5.0beta

contaocontao_cmsMatch2.5.0beta-rc2

contaocontao_cmsMatch2.5.1

contaocontao_cmsMatch2.5.2

contaocontao_cmsMatch2.5.3

contaocontao_cmsMatch2.5.4

contaocontao_cmsMatch2.5.5

contaocontao_cmsMatch2.5.6

contaocontao_cmsMatch2.5.7

contaocontao_cmsMatch2.5.8

contaocontao_cmsMatch2.5.9

contaocontao_cmsMatch2.6.0

contaocontao_cmsMatch2.6.0beta

contaocontao_cmsMatch2.6.0beta2

contaocontao_cmsMatch2.6.1

contaocontao_cmsMatch2.6.2

contaocontao_cmsMatch2.6.3

contaocontao_cmsMatch2.6.4

contaocontao_cmsMatch2.6.5

contaocontao_cmsMatch2.6.6

contaocontao_cmsMatch2.6.7

contaocontao_cmsMatch2.6.8

contaocontao_cmsMatch2.7.0

contaocontao_cmsMatch2.7.0rc1

contaocontao_cmsMatch2.7.0rc2

contaocontao_cmsMatch2.7.1

contaocontao_cmsMatch2.7.2

contaocontao_cmsMatch2.7.3

contaocontao_cmsMatch2.7.4

contaocontao_cmsMatch2.7.5

contaocontao_cmsMatch2.7.6

contaocontao_cmsMatch2.7.7

contaocontao_cmsMatch2.8.0

contaocontao_cmsMatch2.8.0rc1

contaocontao_cmsMatch2.8.0rc2

contaocontao_cmsMatch2.8.1

contaocontao_cmsMatch2.8.2

contaocontao_cmsMatch2.8.3

contaocontao_cmsMatch2.8.4

contaocontao_cmsMatch2.9.0

contaocontao_cmsMatch2.9.0beta1

contaocontao_cmsMatch2.9.0rc1

contaocontao_cmsMatch2.9.1

contaocontao_cmsMatch2.9.2

contaocontao_cmsMatch2.9.3

contaocontao_cmsMatch2.9.4

contaocontao_cmsMatch2.9.5

contaocontao_cmsMatch2.10.beta

contaocontao_cmsMatch2.10.0

contaocontao_cmsMatch2.10.0rc1

contaocontao_cmsMatch2.10.1

contaocontao_cmsMatch2.10.2

contaocontao_cmsMatch2.10.3

contaocontao_cmsMatch2.10.4

CPENameOperatorVersion
contao:contao_cmscontao contao cmsle2.11.0
contao:contao_cmscontao contao cmseq2.0
contao:contao_cmscontao contao cmseq2.1.0
contao:contao_cmscontao contao cmseq2.1.1
contao:contao_cmscontao contao cmseq2.1.2
contao:contao_cmscontao contao cmseq2.1.3
contao:contao_cmscontao contao cmseq2.1.4
contao:contao_cmscontao contao cmseq2.1.5
contao:contao_cmscontao contao cmseq2.1.6
contao:contao_cmscontao contao cmseq2.1.7

CPE	Name	Operator	Version
contao:contao_cms	contao contao cms	le	2.11.0
contao:contao_cms	contao contao cms	eq	2.0
contao:contao_cms	contao contao cms	eq	2.1.0
contao:contao_cms	contao contao cms	eq	2.1.1
contao:contao_cms	contao contao cms	eq	2.1.2
contao:contao_cms	contao contao cms	eq	2.1.3
contao:contao_cms	contao contao cms	eq	2.1.4
contao:contao_cms	contao contao cms	eq	2.1.5
contao:contao_cms	contao contao cms	eq	2.1.6
contao:contao_cms	contao contao cms	eq	2.1.7

Rows per page:

1-10 of 931

References

ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html

packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html

secunia.com/advisories/48180

www.exploit-db.com/exploits/18527

exchange.xforce.ibmcloud.com/vulnerabilities/73479

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2012-1297

cvelist1 nvd1 prion1