CVE-2011-1682

Current Description

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Basic Data

Published: April 13, 2011
Last Modified: August 17, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-352
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    All entries share the following column values: Cpe Version 2.3, Part Application, Vendor Tincan, Product Phplist; Update, Edition, Language, SW Edition, Target SW, Target HW and Other are "*"; Version Start Including, Version Start Excluding and Version End Excluding are empty. Only the two columns below vary.

    Version  | Version End Including
    ---------|----------------------
    1.0      |
    1.0.1    |
    1.1.2b   |
    1.1.3b   |
    1.1.4b   |
    1.1.5    |
    1.1.5b   |
    1.1.6    |
    1.1.7    |
    1.3.5    |
    1.3.7    |
    1.4.1    |
    1.5.0    |
    1.5.1    |
    1.6.0    |
    1.6.1    |
    1.6.3    |
    1.6.4    |
    1.7.0    |
    1.7.1    |
    1.8.0    |
    1.9.0    |
    1.9.1    |
    1.9.2    |
    1.9.3    |
    2.1.0    |
    2.1.1    |
    2.1.3    |
    2.1.4    |
    2.2.0    |
    2.2.1    |
    2.3.0    |
    2.3.1    |
    2.3.2    |
    2.3.3    |
    2.3.4    |
    2.4.0    |
    2.4.7    |
    2.5.0    |
    2.5.1    |
    2.5.2    |
    2.5.3    |
    2.5.4    |
    2.5.5    |
    2.5.6    |
    2.5.7    |
    2.5.8    |
    2.6      |
    2.6.0    |
    2.6.1    |
    2.6.2    |
    2.6.3    |
    2.6.4    |
    2.6.5    |
    2.7.1    |
    2.7.2    |
    2.8.2    |
    2.8.7    |
    2.8.12   |
    2.9.3    |
    2.9.4    |
    2.9.5    |
    2.10.1   |
    2.10.2   |
    2.10.3   |
    2.10.4   |
    2.10.5   |
    2.10.6   |
    2.10.7   |
    2.10.8   |
    2.10.9   |
    2.10.10  |
    2.10.11  |
    2.10.12  |
    *        | 2.10.13

Vulnerable Software List

Vendor | Product | Versions
-------|---------|---------
Tincan | Phplist | *, 1.0, 1.0.1, 1.1.2b, 1.1.3b, 1.1.4b, 1.1.5, 1.1.5b, 1.1.6, 1.1.7, 1.3.5, 1.3.7, 1.4.1, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 1.6.3, 1.6.4, 1.7.0, 1.7.1, 1.8.0, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 2.1.0, 2.1.1, 2.1.3, 2.1.4, 2.10.1, 2.10.10, 2.10.11, 2.10.12, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.10.6, 2.10.7, 2.10.8, 2.10.9, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.7, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.6, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.7.1, 2.7.2, 2.8.12, 2.8.2, 2.8.7, 2.9.3, 2.9.4, 2.9.5

References

Name | Source | URL | Tags
-----|--------|-----|-----
44041 | SECUNIA | http://secunia.com/advisories/44041 | Vendor Advisory
phplist-list-csrf(66666) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/66666 |
phplist-xss-sequences-csrf(66816) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/66816 |