CVE-2012-0997

EUVD-2012-1020
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
11in111in1
1.2.1:stable_12-31-2011
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.htbridge.ch/advisory/HTB23071
https://www.htbridge.ch/advisory/HTB23071