CVE-2012-1297

Name of the Vulnerable Software and Affected Versions Contao versions 2.11.0 and earlier

Description The issue allows remote attackers to hijack the authentication of administrators for requests, enabling them to perform unauthorized actions such as deleting users, news, or newsletters. This is achieved through multiple cross-site request forgery (CSRF) vulnerabilities in the main.php file.

Recommendations For Contao versions 2.11.0 and earlier, as a temporary workaround, consider restricting access to the delete actions in the user, news, and newsletters modules until a patch is available. Avoid using these modules for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.