Back to CVE Browser

CVE-2011-5284

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.0670%

EPSS Percentile34.95th

PublishedDec 31, 2014

Last ModifiedMay 6, 2026

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.

Affected Platforms (CPE)

💻

Smoothwall

Smoothwall

<= 3.1

💻

Smoothwall

Smoothwall

= 3.0

References & Advisories

🔗 http://osvdb.org/show/osvdb/70497

🔗 http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

🔗 http://www.exploit-db.com/exploits/16006

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/99403

🔗 http://osvdb.org/show/osvdb/70497

🔗 http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

🔗 http://www.exploit-db.com/exploits/16006

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/99403

Related Vulnerabilities

CVE-2011-10858.8

CSRF vulnerability in Smoothwall Express 3.

CVE-2019-253957.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.c...

CVE-2019-253797.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilte...

CVE-2019-253947.2

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi scr...