Summary
This host is running N-13 News and is prone to a cross-site request forgery (CSRF) vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary script code and to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.
Impact Level: Application.
Solution
Upgrade to N-13 News version 4.0.2 or later.
For updates refer to http://code.google.com/p/n-13news/
Insight
The flaw is caused by improper validation of user-supplied input by the 'admin.php' script, which allows remote attackers to send a specially crafted HTTP request to add an administrative user.
Affected
N-13 News versions 3.4, 3.7 and 4.0
Severity
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Classification
CVE: CVE-2011-0642