CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-0535

Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.4%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2011-0535

Zikula » Zikula Application Framework » Version: Any

cpe:2.3:a:zikula:zikula_application_framework:*
Zikula » Zikula Application Framework » Version: 1.1.2

cpe:2.3:a:zikula:zikula_application_framework:1.1.2
Zikula » Zikula Application Framework » Version: 1.2.1

cpe:2.3:a:zikula:zikula_application_framework:1.2.1
Zikula » Zikula Application Framework » Version: 1.2.2

cpe:2.3:a:zikula:zikula_application_framework:1.2.2
Zikula » Zikula Application Framework » Version: 1.2.3

cpe:2.3:a:zikula:zikula_application_framework:1.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-0535

Products

Pricing

Contact Us