Contao Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2012-1297 - Vulnerability Database

Contao Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2012-1297

Medium

Reference: CVE-2012-1297

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-1297

Title: Contao Cross-Site Request Forgery (CSRF) Vulnerability

Overview:

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module (2) delete news via a delete action in the news module or (3) delete newsletters via a delete action in the newsletters module.