CVE-2011-0440

High

Description

Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66326

http://www.securityfocus.com/bid/47033

http://www.debian.org/security/2011/dsa-2206

http://secunia.com/advisories/43858

http://mahara.org/interaction/forum/topic.php?id=3208

http://mahara.org/interaction/forum/topic.php?id=3206

Details

Source: Mitre, NVD

Published: 2011-03-28

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00295