Lucene search

[email protected]CVE-2012-1901

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-1901

2022-10-0316:15:26

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-1901

cross-site request forgery

flexcms

security vulnerabilities

authentication hijacking

remote attack

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.1%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save.

Affected configurations

NVD

Node

flexcmsflexcmsRange≤3.2.1

flexcmsflexcmsMatch2.0

flexcmsflexcmsMatch2.5

CPENameOperatorVersion
flexcms:flexcmsflexcmsle3.2.1
flexcms:flexcmsflexcmseq2.0
flexcms:flexcmsflexcmseq2.5

CPE	Name	Operator	Version
flexcms:flexcms	flexcms	le	3.2.1
flexcms:flexcms	flexcms	eq	2.0
flexcms:flexcms	flexcms	eq	2.5

References

ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html

secunia.com/advisories/48451

www.exploit-db.com/exploits/18609

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CVE-2012-1901

prion1 nvd1 cvelist1