Zikula CMS 1.2.4 Cross Site Request Forgery

Date: 01 Feb 2011
Reported by: Aung Khant
Source: packetstorm (packetstormsecurity.com)

Zikula CMS 1.2.4 CSRF Vulnerability

```text
====================================================
Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability
====================================================


1. OVERVIEW

Zikula 1.2.4 and lower versions are vulnerable to Cross Site
Request Forgery (CSRF).


2. BACKGROUND

Zikula is a Web Application Toolkit, which allows you to run
impressive websites and build powerful online applications. Zikula has
received praise for many things, but we believe the highlights are ease
of use, quick and easy development, security and performance and
lastly flexibility.


3. VULNERABILITY DESCRIPTION

Zikula CMS 1.2.4 and lower versions contain a flaw that allows a
remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw
exists because the application does not require multiple steps or
explicit confirmation for sensitive transactions for the majority of
administrator functions, such as adding a new user or assigning a user
administrative privileges. By using a crafted URL, an attacker may
trick the victim into visiting his web page to take advantage of
the trust relationship between the authenticated victim and the
application. Such an attack could trick the victim into executing
arbitrary commands in the context of their session with the
application, without further prompting or verification.


4. VERSIONS AFFECTED

1.2.4 <=


5. PROOF-OF-CONCEPT/EXPLOIT

The following request escalates a normal user to an administrator.

[REQUEST]
POST /zikula/index.php?module=users&type=admin&func=processusers&op=edit HTTP/1.1

authid=&userid=3&do=yes&access_permissions%5B%5D=2&access_permissions%5B%5D=1&uname=tester&email=tester%40yehg.net&pass=&vpass=&activated=1&theme=&submit=
[/REQUEST]


6. SOLUTION

Upgrade to Zikula 1.2.5 or higher


7. VENDOR

Zikula Foundation
http://zikula.org/


8. CREDIT

This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.


9. DISCLOSURE TIME-LINE

2010-12-24: notified vendor
2011-01-25: vendor released fix
2011-02-01: vulnerability disclosed


10. REFERENCES

Original Advisory URL: http://yehg.net/lab/pr0js/advisories/
Vendor Released Info:
http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released
Zikula 1.2.5 Changelog:
http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG
CSRF Wiki: https://secure.wikimedia.org/wikipedia/en/wiki/Cross-site_request_forgery


#yehg [2011-02-01]

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd
```
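The proof-of-concept above succeeds because the `authid` field is sent empty and the vulnerable admin handler still processes the edit. As an added illustration (not Zikula's code and not part of the advisory), the following Python sketch shows the server-side check a state-changing admin action needs: a per-session random token that must match exactly, with an absent or blank `authid` rejected. The session store and the `issue_token` / `csrf_check` / `with_token` names are assumed for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Hypothetical per-session store: session id -> anti-CSRF token.
# Zikula's real authid machinery is not reproduced here.
_session_tokens = {}

def issue_token(session_id):
    """Mint a fresh random token for the session and remember it server-side."""
    token = secrets.token_hex(16)
    _session_tokens[session_id] = token
    return token

def is_state_changing(query):
    """Admin 'process*' handlers modify state and therefore need the token."""
    params = parse_qs(query, keep_blank_values=True)
    func = params.get("func", [""])[0]
    return params.get("type", [""])[0] == "admin" and func.startswith("process")

def csrf_check(session_id, query, body):
    """True only if a state-changing request carries this session's token.
    A missing or empty authid is rejected outright, so the blank 'authid='
    in the advisory's request never reaches the user editor."""
    if not is_state_changing(query):
        return True
    submitted = parse_qs(body, keep_blank_values=True).get("authid", [""])[0]
    expected = _session_tokens.get(session_id)
    if not submitted or expected is None:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(submitted, expected)

def with_token(body, token):
    """Return the same form body with the authid field set to token."""
    fields = parse_qs(body, keep_blank_values=True)
    fields["authid"] = [token]
    return urlencode(fields, doseq=True)

# Constructed inputs mirroring the advisory's request (not captured traffic).
QUERY = "module=users&type=admin&func=processusers&op=edit"
POC_BODY = ("authid=&userid=3&do=yes&access_permissions%5B%5D=2"
            "&access_permissions%5B%5D=1&uname=tester&email=tester%40yehg.net"
            "&pass=&vpass=&activated=1&theme=&submit=")

if __name__ == "__main__":
    sid = "constructed-session"
    tok = issue_token(sid)
    print("blank authid accepted:", csrf_check(sid, QUERY, POC_BODY))
    print("valid token accepted:", csrf_check(sid, QUERY, with_token(POC_BODY, tok)))
```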
