CVE-2011-3582

HIGH

8.8

CVSS Severity Score

EPSS Score0.1120%

EPSS Percentile36.60th

Published2020年1月22日

Last Modified2024年11月21日

Vulnerability Description

A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions.

Affected Platforms (CPE)

📦

Anelectron

Advanced Electron Forums

<= 1.0.9

References & Advisories

🔗 https://www.openwall.com/lists/oss-security/2011/09/30/3

相关漏洞威胁

CVE-2008-509010.0

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in ...

CVE-2009-25456.8

SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to ex...

CVE-2011-37005.0

Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, w...

CVE-2018-130004.8

An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` e...