Description
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
Exploits (1)
References (9)
Core References
Exploit (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2011/02/03/1
Various Sources (x_refsource_confirm): http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released
Various Sources (x_refsource_confirm): http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/70751
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/43114
Third Party Advisory (third-party-advisory, x_refsource_sreason): http://securityreason.com/securityalert/8067
Exploit (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2011/02/01/1
Exploit (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2011/Feb/0
Exploit (x_refsource_misc): http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html
Scores
EPSS: 0.0050
EPSS Percentile: 66.0%
Details
CWE: CWE-352
Status: published
Products (5)
zikula/zikula_application_framework 1.1.2
zikula/zikula_application_framework 1.2.1
zikula/zikula_application_framework 1.2.2
zikula/zikula_application_framework 1.2.3
zikula/zikula_application_framework < 1.2.4
Published: Feb 08, 2011
Tracked Since: Feb 18, 2026