CVE-2011-1954

Published Jun 6, 2011

Last updated 6 years ago

Overview

Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F7E6187-5C1A-4BE3-866E-0D574A0C578B",
            "versionEndIncluding": "0.8.0c-2"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.6.2:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9A721BF-DFD7-4F66-A5DF-53C69647E75A"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.6.3:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A460C783-0922-48CD-831D-43BC5FA177B8"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B6C9114-F48B-42B5-886C-ACD57C4DAD55"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B185A73E-AD6A-42CE-816F-0EC280BC6DF4"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "412E1018-BF17-42A0-9027-46DD8CEF5383"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.7.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EC294CE-0BE0-4EE2-891C-52A98B8C241A"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.7.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F76CA836-C63A-4DCC-A265-0A7A9A82C2B7"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.7.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EDE637C-7D0F-4037-9E45-77886316CEED"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.7.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D5BD6F4-DC7E-47AE-8E24-155C4E2F6B10"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.8.0:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "966BA6A4-5E70-4AB5-9F26-D56D4EADDA49"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.8.0b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF533C04-2042-459A-B0B2-6D5E6E0195B8"
          },
          {
            "criteria": "cpe:2.3:a:postrev:post_revolution:0.8.0c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CB82C58-0473-4505-A823-C4C17A3DE00C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References