Hide Forgot
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0535 to the following vulnerability: Name: CVE-2011-0535 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0535 Assigned: 20110120 Reference: http://seclists.org/fulldisclosure/2011/Feb/0 Reference: http://openwall.com/lists/oss-security/2011/02/01/1 Reference: http://openwall.com/lists/oss-security/2011/02/03/1 Reference: http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html Reference: http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG Reference: http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released Reference: http://www.osvdb.org/70751 Reference: http://secunia.com/advisories/43114 Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
Created zikula tracking bugs for this issue Affects: fedora-all [bug 676457] Affects: epel-all [bug 676458]