CVE-2011-0535

Name of the Vulnerable Software and Affected Versions Zikula versions prior to 1.2.5

Description A cross-site request forgery (CSRF) issue exists in the Users module, allowing remote attackers to hijack administrator authentication for requests that modify account privileges. This is achieved by exploiting an edit access permissions action to "index.php".

Recommendations For versions prior to 1.2.5, update to version 1.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the edit access permissions action in the Users module to minimize the risk of exploitation.