Lucene search

MitreCVE-2012-1498

HistoryMar 19, 2012 - 7:55 p.m.

CVE-2012-1498

2012-03-1919:55:04

CWE-352

mitre

web.nvd.nist.gov

cve-2012-1498

csrf

webfolio cms

remote attackers

authentication hijacking

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.029

Percentile

90.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name.

Affected configurations

Nvd

Node

nikola_posawebfoliocms1.0.2

nikola_posawebfoliocms1.0.3

nikola_posawebfoliocms1.0.4

nikola_posawebfoliocms1.0.5

nikola_posawebfoliocms1.0.6

nikola_posawebfoliocms1.0.7

nikola_posawebfoliocms1.0.8

nikola_posawebfoliocms1.0.9

nikola_posawebfoliocms1.1.0

nikola_posawebfoliocms1.1.1

nikola_posawebfoliocms1.1.2

nikola_posawebfoliocms1.1.3

nikola_posawebfoliocms1.1.4

VendorProductVersionCPE
nikola_posawebfoliocms1.0.2*cpe:2.3:a:nikola_posa:webfoliocms1.0.2:*:*:*:*:*:*:*:*
nikola_posawebfoliocms1.0.3*cpe:2.3:a:nikola_posa:webfoliocms1.0.3:*:*:*:*:*:*:*:*
nikola_posawebfoliocms1.0.4*cpe:2.3:a:nikola_posa:webfoliocms1.0.4:*:*:*:*:*:*:*:*
nikola_posawebfoliocms1.0.5*cpe:2.3:a:nikola_posa:webfoliocms1.0.5:*:*:*:*:*:*:*:*
nikola_posawebfoliocms1.0.6*cpe:2.3:a:nikola_posa:webfoliocms1.0.6:*:*:*:*:*:*:*:*
nikola_posawebfoliocms1.0.7*cpe:2.3:a:nikola_posa:webfoliocms1.0.7:*:*:*:*:*:*:*:*
nikola_posawebfoliocms1.0.8*cpe:2.3:a:nikola_posa:webfoliocms1.0.8:*:*:*:*:*:*:*:*
nikola_posawebfoliocms1.0.9*cpe:2.3:a:nikola_posa:webfoliocms1.0.9:*:*:*:*:*:*:*:*
nikola_posawebfoliocms1.1.0*cpe:2.3:a:nikola_posa:webfoliocms1.1.0:*:*:*:*:*:*:*:*
nikola_posawebfoliocms1.1.1*cpe:2.3:a:nikola_posa:webfoliocms1.1.1:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nikola_posa	webfoliocms1.0.2	*	cpe:2.3:a:nikola_posa:webfoliocms1.0.2::::::::
nikola_posa	webfoliocms1.0.3	*	cpe:2.3:a:nikola_posa:webfoliocms1.0.3::::::::
nikola_posa	webfoliocms1.0.4	*	cpe:2.3:a:nikola_posa:webfoliocms1.0.4::::::::
nikola_posa	webfoliocms1.0.5	*	cpe:2.3:a:nikola_posa:webfoliocms1.0.5::::::::
nikola_posa	webfoliocms1.0.6	*	cpe:2.3:a:nikola_posa:webfoliocms1.0.6::::::::
nikola_posa	webfoliocms1.0.7	*	cpe:2.3:a:nikola_posa:webfoliocms1.0.7::::::::
nikola_posa	webfoliocms1.0.8	*	cpe:2.3:a:nikola_posa:webfoliocms1.0.8::::::::
nikola_posa	webfoliocms1.0.9	*	cpe:2.3:a:nikola_posa:webfoliocms1.0.9::::::::
nikola_posa	webfoliocms1.1.0	*	cpe:2.3:a:nikola_posa:webfoliocms1.1.0::::::::
nikola_posa	webfoliocms1.1.1	*	cpe:2.3:a:nikola_posa:webfoliocms1.1.1::::::::

Rows per page:

1-10 of 131

References

ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html

osvdb.org/79658

packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html

secunia.com/advisories/48190

www.exploit-db.com/exploits/18536

www.securityfocus.com/bid/52218

exchange.xforce.ibmcloud.com/vulnerabilities/73575

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.029

Percentile

90.8%

JSON

Related for CVE-2012-1498