CVE-2012-1297

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
contaocontao_cms
𝑥
≤ 2.11.0
contaocontao_cms
2.0
contaocontao_cms
2.0:beta-rc2
contaocontao_cms
2.0:beta-rc3
contaocontao_cms
2.1.0
contaocontao_cms
2.1.1
contaocontao_cms
2.1.2
contaocontao_cms
2.1.3
contaocontao_cms
2.1.4
contaocontao_cms
2.1.5
contaocontao_cms
2.1.6
contaocontao_cms
2.1.7
contaocontao_cms
2.1.8
contaocontao_cms
2.1.9
contaocontao_cms
2.1.10
contaocontao_cms
2.1.11
contaocontao_cms
2.1.12
contaocontao_cms
2.1.13
contaocontao_cms
2.1.14
contaocontao_cms
2.1.15
contaocontao_cms
2.1.16
contaocontao_cms
2.1.17
contaocontao_cms
2.1.18
contaocontao_cms
2.1.19
contaocontao_cms
2.1.20
contaocontao_cms
2.2.0
contaocontao_cms
2.2.1
contaocontao_cms
2.2.2
contaocontao_cms
2.2.3
contaocontao_cms
2.2.4
contaocontao_cms
2.2.5
contaocontao_cms
2.2.6
contaocontao_cms
2.2.7
contaocontao_cms
2.2.8
contaocontao_cms
2.2.9
contaocontao_cms
2.2.10
contaocontao_cms
2.2.11
contaocontao_cms
2.2.12
contaocontao_cms
2.3.0
contaocontao_cms
2.3.1
contaocontao_cms
2.3.2
contaocontao_cms
2.3.3
contaocontao_cms
2.3.4
contaocontao_cms
2.4.0
contaocontao_cms
2.4.0:beta
contaocontao_cms
2.4.1
contaocontao_cms
2.4.2
contaocontao_cms
2.4.3
contaocontao_cms
2.4.4
contaocontao_cms
2.4.5
contaocontao_cms
2.4.6
contaocontao_cms
2.4.7
contaocontao_cms
2.5.0
contaocontao_cms
2.5.0:beta
contaocontao_cms
2.5.0:beta-rc2
contaocontao_cms
2.5.1
contaocontao_cms
2.5.2
contaocontao_cms
2.5.3
contaocontao_cms
2.5.4
contaocontao_cms
2.5.5
contaocontao_cms
2.5.6
contaocontao_cms
2.5.7
contaocontao_cms
2.5.8
contaocontao_cms
2.5.9
contaocontao_cms
2.6.0
contaocontao_cms
2.6.0:beta
contaocontao_cms
2.6.0:beta2
contaocontao_cms
2.6.1
contaocontao_cms
2.6.2
contaocontao_cms
2.6.3
contaocontao_cms
2.6.4
contaocontao_cms
2.6.5
contaocontao_cms
2.6.6
contaocontao_cms
2.6.7
contaocontao_cms
2.6.8
contaocontao_cms
2.7.0
contaocontao_cms
2.7.0:rc1
contaocontao_cms
2.7.0:rc2
contaocontao_cms
2.7.1
contaocontao_cms
2.7.2
contaocontao_cms
2.7.3
contaocontao_cms
2.7.4
contaocontao_cms
2.7.5
contaocontao_cms
2.7.6
contaocontao_cms
2.7.7
contaocontao_cms
2.8.0
contaocontao_cms
2.8.0:rc1
contaocontao_cms
2.8.0:rc2
contaocontao_cms
2.8.1
contaocontao_cms
2.8.2
contaocontao_cms
2.8.3
contaocontao_cms
2.8.4
contaocontao_cms
2.9.0
contaocontao_cms
2.9.0:beta1
contaocontao_cms
2.9.0:rc1
contaocontao_cms
2.9.1
contaocontao_cms
2.9.2
contaocontao_cms
2.9.3
contaocontao_cms
2.9.4
contaocontao_cms
2.9.5
contaocontao_cms
2.10.:beta
contaocontao_cms
2.10.0
contaocontao_cms
2.10.0:rc1
contaocontao_cms
2.10.1
contaocontao_cms
2.10.2
contaocontao_cms
2.10.3
contaocontao_cms
2.10.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html
http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html
http://secunia.com/advisories/48180
http://www.exploit-db.com/exploits/18527
https://exchange.xforce.ibmcloud.com/vulnerabilities/73479
http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html
http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html
http://secunia.com/advisories/48180
http://www.exploit-db.com/exploits/18527
https://exchange.xforce.ibmcloud.com/vulnerabilities/73479