CVE-2011-1954
Post Revolution < 0.8.0c-2 - Cross-Site Request Forgery via Multiple Endpoints
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/518205/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/72641
Various Sources x_refsource_misc
http://javierb.com.ar/2011/06/01/postrev-vunls/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44710
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8270
Various Sources x_refsource_confirm
http://postrev.com.ar/verpost.php?id_noticia=59
Scores
EPSS
0.0067
EPSS Percentile
47.6%
Details
CWE
CWE-352
Status
published
Products (10)
postrev/post_revolution
0.6.2 beta
postrev/post_revolution
0.6.3 beta
postrev/post_revolution
0.6.4
postrev/post_revolution
0.6.5
postrev/post_revolution
0.6.6
postrev/post_revolution
0.7.0 rc1 (4 CPE variants)
postrev/post_revolution
0.8.0 alpha
postrev/post_revolution
0.8.0b
postrev/post_revolution
0.8.0c
postrev/post_revolution
< 0.8.0c-2
Published
Jun 06, 2011
Tracked Since
Feb 18, 2026