11in1 Cross Site Request Forgery And Local File Include Vulnerabilities Network Vulnerability

Summary

11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the affected application. 11in1 1.2.1 is vulnerable other versions may also be affected.

References

http://www.11in1.org/
http://www.securityfocus.com/archive/1/521660
http://www.securityfocus.com/bid/52025

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0996, CVE-2012-0997

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

@Mail WebMail Email Body HTML Injection Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities

Take action and discover your vulnerabilities