CVE-2011-5011

Name: CVE-2011-5011
Creator: NVD / NIST
Published: 2011-12-25T01:55:04.817+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.39%

Last modified Jun 16, 2026

CVE-2011-5011 is a vulnerability of currently unknown severity. Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php.. EPSS estimates a 3.39% chance of exploitation in the next 30 days.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that (1) set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and (2) grant permissions to users via the cID parameter to a save action in admin/accounting.php.

Metrics

EPSS Probability

3.39%

87.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions	Update
Xt-Commerce	Xt-Commerce	3.0.4	Sp2.1

References

http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.htmlThird Party Advisory
http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.htmlThird Party Advisory
http://osvdb.org/77498Broken Link
http://secunia.com/advisories/47032Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71642VDB Entry
http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.htmlThird Party Advisory
http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.htmlThird Party Advisory
http://osvdb.org/77498Broken Link
http://secunia.com/advisories/47032Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71642VDB Entry

Timeline

Published: Dec 25, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-5011?

How severe is CVE-2011-5011?

Severity scoring for CVE-2011-5011 is pending analysis. The EPSS model estimates a 3.39% probability of exploitation in the next 30 days.

How do I fix CVE-2011-5011?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-5011?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST