CVE-2011-0503
vam_shop <= 1.6.1 - Cross-Site Request Forgery in Admin User Management
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-0503. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary: The exploit demonstrates multiple CSRF and XSS vulnerabilities in VaM Shop 1.6. It includes PoC code for changing user status, permissions, and executing arbitrary JavaScript via unsanitized input in various admin scripts.
Description
Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information.