Test Kennung:	1.3.6.1.4.1.25623.1.0.801732
Kategorie:	Web application abuses
Titel:	Zikula CMS CSRF Vulnerability
Zusammenfassung:	This host is running Zikula and is prone to a cross-site request; forgery vulnerability.
Beschreibung:	Summary: This host is running Zikula and is prone to a cross-site request forgery vulnerability. Vulnerability Insight: The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for majority of administrator functions such as adding new user, assigning user to administrative privilege. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary commands in the context of the affected site. Affected Software/OS: Zikula version 1.2.4 and prior. Solution: Upgrade to the Zikula version 1.2.5. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0535 http://seclists.org/fulldisclosure/2011/Feb/0 http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html http://openwall.com/lists/oss-security/2011/02/01/1 http://openwall.com/lists/oss-security/2011/02/03/1 http://www.osvdb.org/70751 http://secunia.com/advisories/43114 http://securityreason.com/securityalert/8067 Common Vulnerability Exposure (CVE) ID: CVE-2011-0911
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.