Lucene search

[email protected]NVD:CVE-2012-1297

HistoryMar 19, 2012 - 6:55 p.m.

CVE-2012-1297

2012-03-1918:55:02

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.

Affected configurations

Nvd

Node

contaocontao_cmsRange≤2.11.0

contaocontao_cmsMatch2.0

contaocontao_cmsMatch2.0beta-rc1

contaocontao_cmsMatch2.0beta-rc2

contaocontao_cmsMatch2.0beta-rc3

contaocontao_cmsMatch2.1.0

contaocontao_cmsMatch2.1.1

contaocontao_cmsMatch2.1.2

contaocontao_cmsMatch2.1.3

contaocontao_cmsMatch2.1.4

contaocontao_cmsMatch2.1.5

contaocontao_cmsMatch2.1.6

contaocontao_cmsMatch2.1.7

contaocontao_cmsMatch2.1.8

contaocontao_cmsMatch2.1.9

contaocontao_cmsMatch2.1.10

contaocontao_cmsMatch2.1.11

contaocontao_cmsMatch2.1.12

contaocontao_cmsMatch2.1.13

contaocontao_cmsMatch2.1.14

contaocontao_cmsMatch2.1.15

contaocontao_cmsMatch2.1.16

contaocontao_cmsMatch2.1.17

contaocontao_cmsMatch2.1.18

contaocontao_cmsMatch2.1.19

contaocontao_cmsMatch2.1.20

contaocontao_cmsMatch2.2.0

contaocontao_cmsMatch2.2.1

contaocontao_cmsMatch2.2.2

contaocontao_cmsMatch2.2.3

contaocontao_cmsMatch2.2.4

contaocontao_cmsMatch2.2.5

contaocontao_cmsMatch2.2.6

contaocontao_cmsMatch2.2.7

contaocontao_cmsMatch2.2.8

contaocontao_cmsMatch2.2.9

contaocontao_cmsMatch2.2.10

contaocontao_cmsMatch2.2.11

contaocontao_cmsMatch2.2.12

contaocontao_cmsMatch2.3.0

contaocontao_cmsMatch2.3.1

contaocontao_cmsMatch2.3.2

contaocontao_cmsMatch2.3.3

contaocontao_cmsMatch2.3.4

contaocontao_cmsMatch2.4.0

contaocontao_cmsMatch2.4.0beta

contaocontao_cmsMatch2.4.1

contaocontao_cmsMatch2.4.2

contaocontao_cmsMatch2.4.3

contaocontao_cmsMatch2.4.4

contaocontao_cmsMatch2.4.5

contaocontao_cmsMatch2.4.6

contaocontao_cmsMatch2.4.7

contaocontao_cmsMatch2.5.0

contaocontao_cmsMatch2.5.0beta

contaocontao_cmsMatch2.5.0beta-rc2

contaocontao_cmsMatch2.5.1

contaocontao_cmsMatch2.5.2

contaocontao_cmsMatch2.5.3

contaocontao_cmsMatch2.5.4

contaocontao_cmsMatch2.5.5

contaocontao_cmsMatch2.5.6

contaocontao_cmsMatch2.5.7

contaocontao_cmsMatch2.5.8

contaocontao_cmsMatch2.5.9

contaocontao_cmsMatch2.6.0

contaocontao_cmsMatch2.6.0beta

contaocontao_cmsMatch2.6.0beta2

contaocontao_cmsMatch2.6.1

contaocontao_cmsMatch2.6.2

contaocontao_cmsMatch2.6.3

contaocontao_cmsMatch2.6.4

contaocontao_cmsMatch2.6.5

contaocontao_cmsMatch2.6.6

contaocontao_cmsMatch2.6.7

contaocontao_cmsMatch2.6.8

contaocontao_cmsMatch2.7.0

contaocontao_cmsMatch2.7.0rc1

contaocontao_cmsMatch2.7.0rc2

contaocontao_cmsMatch2.7.1

contaocontao_cmsMatch2.7.2

contaocontao_cmsMatch2.7.3

contaocontao_cmsMatch2.7.4

contaocontao_cmsMatch2.7.5

contaocontao_cmsMatch2.7.6

contaocontao_cmsMatch2.7.7

contaocontao_cmsMatch2.8.0

contaocontao_cmsMatch2.8.0rc1

contaocontao_cmsMatch2.8.0rc2

contaocontao_cmsMatch2.8.1

contaocontao_cmsMatch2.8.2

contaocontao_cmsMatch2.8.3

contaocontao_cmsMatch2.8.4

contaocontao_cmsMatch2.9.0

contaocontao_cmsMatch2.9.0beta1

contaocontao_cmsMatch2.9.0rc1

contaocontao_cmsMatch2.9.1

contaocontao_cmsMatch2.9.2

contaocontao_cmsMatch2.9.3

contaocontao_cmsMatch2.9.4

contaocontao_cmsMatch2.9.5

contaocontao_cmsMatch2.10.beta

contaocontao_cmsMatch2.10.0

contaocontao_cmsMatch2.10.0rc1

contaocontao_cmsMatch2.10.1

contaocontao_cmsMatch2.10.2

contaocontao_cmsMatch2.10.3

contaocontao_cmsMatch2.10.4

VendorProductVersionCPE
contaocontao_cms*cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*
contaocontao_cms2.0cpe:2.3:a:contao:contao_cms:2.0:*:*:*:*:*:*:*
contaocontao_cms2.0cpe:2.3:a:contao:contao_cms:2.0:beta-rc1:*:*:*:*:*:*
contaocontao_cms2.0cpe:2.3:a:contao:contao_cms:2.0:beta-rc2:*:*:*:*:*:*
contaocontao_cms2.0cpe:2.3:a:contao:contao_cms:2.0:beta-rc3:*:*:*:*:*:*
contaocontao_cms2.1.0cpe:2.3:a:contao:contao_cms:2.1.0:*:*:*:*:*:*:*
contaocontao_cms2.1.1cpe:2.3:a:contao:contao_cms:2.1.1:*:*:*:*:*:*:*
contaocontao_cms2.1.2cpe:2.3:a:contao:contao_cms:2.1.2:*:*:*:*:*:*:*
contaocontao_cms2.1.3cpe:2.3:a:contao:contao_cms:2.1.3:*:*:*:*:*:*:*
contaocontao_cms2.1.4cpe:2.3:a:contao:contao_cms:2.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
contao	contao_cms	*	cpe:2.3:a:contao:contao_cms::::::::
contao	contao_cms	2.0	cpe:2.3:a:contao:contao_cms:2.0:::::::*
contao	contao_cms	2.0	cpe:2.3:a:contao:contao_cms:2.0:beta-rc1::::::
contao	contao_cms	2.0	cpe:2.3:a:contao:contao_cms:2.0:beta-rc2::::::
contao	contao_cms	2.0	cpe:2.3:a:contao:contao_cms:2.0:beta-rc3::::::
contao	contao_cms	2.1.0	cpe:2.3:a:contao:contao_cms:2.1.0:::::::*
contao	contao_cms	2.1.1	cpe:2.3:a:contao:contao_cms:2.1.1:::::::*
contao	contao_cms	2.1.2	cpe:2.3:a:contao:contao_cms:2.1.2:::::::*
contao	contao_cms	2.1.3	cpe:2.3:a:contao:contao_cms:2.1.3:::::::*
contao	contao_cms	2.1.4	cpe:2.3:a:contao:contao_cms:2.1.4:::::::*

Rows per page:

1-10 of 1081

References

ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html

packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html

secunia.com/advisories/48180

www.exploit-db.com/exploits/18527

exchange.xforce.ibmcloud.com/vulnerabilities/73479

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

Related for NVD:CVE-2012-1297

exploitdb1 prion1 cve1 cvelist1