CVE-2011-0503

Published: Jan 20, 2011Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information.

Affected (2)

Products: Vamsoft: Vam Shop

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Vamsoft Vam Shop	Up to 1.6.1
Vamsoft Vam Shop	Version 1.6

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

http://osvdb.org/70431

Source: cve@mitre.org

http://secunia.com/advisories/42869

Source: cve@mitre.org

Vendor Advisory

http://www.exploit-db.com/exploits/15968

Source: cve@mitre.org

http://www.htbridge.ch/advisory/xsrf_csrf_in_vam_shop.html

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/515613/100/0/threaded

Source: cve@mitre.org

http://osvdb.org/70431

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42869

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.exploit-db.com/exploits/15968

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.htbridge.ch/advisory/xsrf_csrf_in_vam_shop.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/515613/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.