CVE-2011-0535
Zikula Application Framework < 1.2.5 - Cross-Site Request Forgery via Users Module
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-0535. PoCs published by Aung Khant.
AI-analyzed exploit summary: This document provides a detailed technical analysis of a CSRF vulnerability in Zikula CMS 1.2.4 and earlier versions, including a proof-of-concept request that demonstrates how an attacker could escalate a normal user to an administrator. The writeup includes background, vulnerability description, affected versions, and a solution.
Description
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.