Lucene search

K
cve[email protected]CVE-2012-1416
HistoryOct 08, 2012 - 6:55 p.m.

CVE-2012-1416

2012-10-0818:55:01
CWE-352
web.nvd.nist.gov
18
cve-2012-1416
cross-site request forgery
csrf vulnerabilities
socialcms 1.0.2
remote attackers
authentication hijacking
administrators
nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.015

Percentile

87.0%

Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php.

Affected configurations

NVD
Node
socialcmssocialcmsMatch1.0.2
VendorProductVersionCPE
socialcmssocialcms1.0.2cpe:/a:socialcms:socialcms:1.0.2:::

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.015

Percentile

87.0%

Related for CVE-2012-1416