CVE-2012-4773
7.2 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.043 Low
EPSS
Percentile
92.3%
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
References
archives.neohapsis.com/archives/bugtraq/2012-10/0096.html
packetstormsecurity.org/files/116433
packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html
secunia.com/advisories/51013
www.osvdb.org/85999
www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html
www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5106.php
exchange.xforce.ibmcloud.com/vulnerabilities/78469
exchange.xforce.ibmcloud.com/vulnerabilities/79469
www.htbridge.com/advisory/HTB23113
Related
7.2 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.043 Low
EPSS
Percentile
92.3%