11in1 Cross Site Request Forgery And Local File Include Vulnerabilities Network Vulnerability

Summary

11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the affected application. 11in1 1.2.1 is vulnerable other versions may also be affected.

References

http://www.11in1.org/
http://www.securityfocus.com/archive/1/521660
http://www.securityfocus.com/bid/52025

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0996, CVE-2012-0997

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
Apache Tomcat Information Disclosure Vulnerability
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
Apache Open For Business HTML injection vulnerability

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities

Take action and discover your vulnerabilities