Description

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.

Remediation

References

CVE-2012-1297

Related Vulnerabilities

WordPress Plugin Google Analytics Top Content Widget Cross-Site Scripting (1.5.6)

WordPress Plugin Service Area Postcode Checker Cross-Site Scripting (2.0.8)

WordPress Plugin Data Tables Generator by Supsystic Cross-Site Scripting (1.10.19)

WordPress Plugin WooCommerce-Store Exporter Privilege Escalation (1.8.3)

Oracle JRE CVE-2012-0502 Vulnerability (CVE-2012-0502)

Severity

Medium

Classification

CVE-2012-1297 CWE-352

Tags

Missing Update Known Vulnerabilities