ContaoCMS (fka TYPOlight) 2.11 CSRF (Delete Admin / Delete Article)

Posted on Monday 27 February 2012 by Ivano Binetti

ContaoCMS (fka TYPOlight) version 2.11 (and lower) is affected by a CSRF vulnerability which allows an attacker to delete administrators/users, articles, news, newsletters and so on.
I've created an Advisory describing this vulnerability and the methods to exploit it:
ContaoCMS Ivano Binetti's Advisory

