CVE-2011-0748

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
tincanphplist
𝑥
≤ 2.10.12
tincanphplist
1.0
tincanphplist
1.0.1
tincanphplist
1.1.2b:b
tincanphplist
1.1.3b:b
tincanphplist
1.1.4b:b
tincanphplist
1.1.5
tincanphplist
1.1.5b:b
tincanphplist
1.1.6
tincanphplist
1.1.7
tincanphplist
1.3.5
tincanphplist
1.3.7
tincanphplist
1.4.1
tincanphplist
1.5.0
tincanphplist
1.5.1
tincanphplist
1.6.0
tincanphplist
1.6.1
tincanphplist
1.6.3
tincanphplist
1.6.4
tincanphplist
1.7.0
tincanphplist
1.7.1
tincanphplist
1.8.0
tincanphplist
1.9.0
tincanphplist
1.9.1
tincanphplist
1.9.2
tincanphplist
1.9.3
tincanphplist
2.1.0
tincanphplist
2.1.1
tincanphplist
2.1.3
tincanphplist
2.1.4
tincanphplist
2.2.0
tincanphplist
2.2.1
tincanphplist
2.3.0
tincanphplist
2.3.1
tincanphplist
2.3.2
tincanphplist
2.3.3
tincanphplist
2.3.4
tincanphplist
2.4.0
tincanphplist
2.4.7
tincanphplist
2.5.0
tincanphplist
2.5.1
tincanphplist
2.5.2
tincanphplist
2.5.3
tincanphplist
2.5.4
tincanphplist
2.5.5
tincanphplist
2.5.6
tincanphplist
2.5.7
tincanphplist
2.5.8
tincanphplist
2.6
tincanphplist
2.6.0
tincanphplist
2.6.1
tincanphplist
2.6.2
tincanphplist
2.6.3
tincanphplist
2.6.4
tincanphplist
2.6.5
tincanphplist
2.7.1
tincanphplist
2.7.2
tincanphplist
2.8.2
tincanphplist
2.8.7
tincanphplist
2.8.12
tincanphplist
2.9.3
tincanphplist
2.9.4
tincanphplist
2.9.5
tincanphplist
2.10.1
tincanphplist
2.10.2
tincanphplist
2.10.3
tincanphplist
2.10.4
tincanphplist
2.10.5
tincanphplist
2.10.6
tincanphplist
2.10.7
tincanphplist
2.10.8
tincanphplist
2.10.9
tincanphplist
2.10.10
tincanphplist
2.10.11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://int21.de/cve/CVE-2011-0748-phplist.html
http://osvdb.org/78549
http://secunia.com/advisories/44041
http://securityreason.com/securityalert/8199
http://www.exploit-db.com/exploits/18419
http://www.phplist.com/?lid=516
http://www.securityfocus.com/archive/1/517400/100/0/threaded
http://www.securityfocus.com/bid/51681
https://exchange.xforce.ibmcloud.com/vulnerabilities/72746
http://int21.de/cve/CVE-2011-0748-phplist.html
http://osvdb.org/78549
http://secunia.com/advisories/44041
http://securityreason.com/securityalert/8199
http://www.exploit-db.com/exploits/18419
http://www.phplist.com/?lid=516
http://www.securityfocus.com/archive/1/517400/100/0/threaded
http://www.securityfocus.com/bid/51681
https://exchange.xforce.ibmcloud.com/vulnerabilities/72746