Summary
This host is running Zikula and is prone to a cross-site request forgery (CSRF) vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary commands in the context of the affected site.
Impact Level: Application.
Solution
Upgrade to Zikula version 1.2.5.
For updates refer to http://zikula.org/
Insight
The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions in the majority of administrator functions, such as adding a new user or assigning administrative privileges to a user. A forged request submitted from another site in the browser of a logged-in administrator is therefore processed as if the administrator had issued it.
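As an added illustration (not Zikula's own code), the following PHP snippet shows the kind of check that closes this class of flaw: a state-changing admin action such as "add user" or "grant admin" is accepted only as a POST carrying a per-session synchronizer token. The function names, parameter names and sample requests are hypothetical and constructed here.

```php
<?php
declare(strict_types=1);

// Issue one random token per session and embed it in every admin form.
// $session stands in for $_SESSION (hypothetical, passed by reference for testing).
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a sensitive admin action may proceed.
// A cross-site page can make the victim's browser send the request, but it cannot
// read the token out of the admin's session, so a missing or wrong token is rejected.
function admin_action_allowed(array $session, string $method, array $post): bool {
    if ($method !== 'POST') {
        // Never perform side effects on GET: links and <img> tags are enough to trigger those.
        return false;
    }
    if (empty($session['csrf_token']) || empty($post['csrf_token'])) {
        return false;
    }
    // Constant-time comparison so the token cannot be recovered through timing.
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

// Constructed sample requests (not captured traffic).
$session = [];
$token   = csrf_token($session);

// Legitimate submission from the admin UI: the form carried the session token.
var_dump(admin_action_allowed($session, 'POST', ['uname' => 'alice', 'csrf_token' => $token]));

// Forged cross-site POST: the attacker's page does not know the token.
var_dump(admin_action_allowed($session, 'POST', ['uname' => 'alice']));

// Forged GET (e.g. an image tag pointing at the admin URL): refused regardless of token.
var_dump(admin_action_allowed($session, 'GET', ['uname' => 'alice', 'csrf_token' => $token]));
```

The same token check must be applied to every state-changing administrator endpoint, not only the user-creation form; the explicit confirmation step the advisory mentions is an additional layer, not a replacement for the token.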
Affected
Zikula version 1.2.4 and prior
References
CVE-2011-0535, CVE-2011-0911
Severity
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P