Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 01:23
Type | Values Removed | Values Added |
---|---|---|
References | () http://mahara.org/interaction/forum/topic.php?id=3206 - Vendor Advisory | |
References | () http://mahara.org/interaction/forum/topic.php?id=3208 - | |
References | () http://secunia.com/advisories/43858 - Vendor Advisory | |
References | () http://www.debian.org/security/2011/dsa-2206 - | |
References | () http://www.securityfocus.com/bid/47033 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/66326 - |
Information
Published : 2011-03-28 16:55
Updated : 2024-11-21 01:23
NVD link : CVE-2011-0440
Mitre link : CVE-2011-0440
CVE.ORG link : CVE-2011-0440
JSON object : View
Products Affected
mahara
- mahara
CWE
CWE-352
Cross-Site Request Forgery (CSRF)