Summary
This host is running Zikula and is prone to a cross-site request forgery vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary commands in the context of the affected site.
Impact Level: Application.
Solution
Upgrade to Zikula version 1.2.5.
For updates, refer to http://zikula.org/
Insight
The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions in the majority of administrator functions, such as adding a new user or assigning a user administrative privileges.
Affected
Zikula version 1.2.4 and prior
Severity
Classification
CVE: CVE-2011-0535, CVE-2011-0911
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P