Main Vulnerability Database SB2011041302

SB2011041302 - Cross-site request forgery in phplist.com PHPlist

Published: April 13, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011041302

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site request forgery (CVE-ID: CVE-2011-1682)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

SB2011041302 - Cross-site request forgery in phplist.com PHPlist

Breakdown by Severity

Description

Remediation

References

Please verify you're human