Multiple vulnerabilities in 11in1

Advisory ID: HTB23071 Product: 11in1 Vendor: 11in1 Vulnerable Versions: 1.2.1 stable 12-31-2011 and probably prior Tested Version: 1.2.1 stable 12-31-2011 Vendor Notification: 25 January 2012 Public Disclosure: 15 February 2012 Vulnerability Type: Local File Inclusion, Сross-Site Request Forgery...

CVE-2012-0997

Cross-site request forgery CSRF vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action...

CVE-2012-0997

CVE-2012-0997: CSRF vulnerability in 11in1 1.2.1 stable (12-31-2011) affecting admin/index.php, allowing an attacker to hijack administrator authentication to perform addTopic requests. Multiple connected sources corroborate CSRF context and impact (topic creation via addTopic) with PoC examples ...

11in1 1.2.1 Stable 12-31-2011 Cross Site Request Forgery / Local File Inclusion

Advisory ID: HTB23071 Product: 11in1 Vendor: 11in1 Vulnerable Versions: 1.2.1 stable 12-31-2011 and probably prior Tested Version: 1.2.1 stable 12-31-2011 Vendor Notification: 25 January 2012 Public Disclosure: 15 February 2012 Vulnerability Type: Local File Inclusion, Сross-Site Request Forgery...

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities

11in1 is prone to a cross-site request-forgery and a local file include vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

CVE-2012-0997

creationtimestamp| type| source ---|---|--- 2012-02-15 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36786...