CVE-2011-0440

EUVD-2011-0465
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
maharamahara
1.2.0
maharamahara
1.2.0:alpha1
maharamahara
1.2.0:alpha2
maharamahara
1.2.0:alpha3
maharamahara
1.2.0:beta1
maharamahara
1.2.0:beta2
maharamahara
1.2.0:beta3
maharamahara
1.2.0:beta4
maharamahara
1.2.0:rc1
maharamahara
1.2.1
maharamahara
1.2.2
maharamahara
1.2.3
maharamahara
1.2.4
maharamahara
1.2.5
maharamahara
1.2.6
maharamahara
1.3.0
maharamahara
1.3.0:beta1
maharamahara
1.3.0:beta2
maharamahara
1.3.0:beta3
maharamahara
1.3.0:beta4
maharamahara
1.3.0:rc1
maharamahara
1.3.1
maharamahara
1.3.2
maharamahara
1.3.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
dapper
dne
hardy
dne
karmic
ignored
lucid
Fixed 1.2.4-1ubuntu0.2
released
maverick
Fixed 1.2.5-2ubuntu0.1
released
natty
not-affected
Common Weakness Enumeration
References
http://mahara.org/interaction/forum/topic.php?id=3206
http://mahara.org/interaction/forum/topic.php?id=3208
http://secunia.com/advisories/43858
http://www.debian.org/security/2011/dsa-2206
http://www.securityfocus.com/bid/47033
https://exchange.xforce.ibmcloud.com/vulnerabilities/66326
http://mahara.org/interaction/forum/topic.php?id=3206
http://mahara.org/interaction/forum/topic.php?id=3208
http://secunia.com/advisories/43858
http://www.debian.org/security/2011/dsa-2206
http://www.securityfocus.com/bid/47033
https://exchange.xforce.ibmcloud.com/vulnerabilities/66326