Test ID:	1.3.6.1.4.1.25623.1.0.801732
Category:	Web application abuses
Title:	Zikula CMS CSRF Vulnerability
Summary:	Zikula is prone to a cross-site request forgery vulnerability.
Description:	Summary: Zikula is prone to a cross-site request forgery vulnerability. Vulnerability Insight: The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for majority of administrator functions such as adding new user, assigning user to administrative privilege. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary commands in the context of the affected site. Affected Software/OS: Zikula version 1.2.4 and prior. Solution: Upgrade to the Zikula version 1.2.5. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0535 20110201 Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability http://seclists.org/fulldisclosure/2011/Feb/0 43114 http://secunia.com/advisories/43114 70751 http://www.osvdb.org/70751 8067 http://securityreason.com/securityalert/8067 [oss-security] 20110201 CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability http://openwall.com/lists/oss-security/2011/02/01/1 [oss-security] 20110203 Re: CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability http://openwall.com/lists/oss-security/2011/02/03/1 http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released Common Vulnerability Exposure (CVE) ID: CVE-2011-0911
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.