Lucene search

[email protected]CVE-2012-4877

HistorySep 06, 2012 - 9:55 p.m.

CVE-2012-4877

2012-09-0621:55:03

CWE-352

[email protected]

web.nvd.nist.gov

cve-2012-4877

cross-site request forgery

csrf vulnerability

flatnux cms

remote attackers

authentication hijacking

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.1%

JSON

Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.

Affected configurations

NVD

Node

flatnuxflatnuxRange≤2011-08-09-2

flatnuxflatnuxMatch2008-12-11

flatnuxflatnuxMatch2009-01-27

flatnuxflatnuxMatch2009-02-04

CPENameOperatorVersion
flatnux:flatnuxflatnuxle2011-08-09-2
flatnux:flatnuxflatnuxeq2008-12-11
flatnux:flatnuxflatnuxeq2009-01-27
flatnux:flatnuxflatnuxeq2009-02-04

CPE	Name	Operator	Version
flatnux:flatnux	flatnux	le	2011-08-09-2
flatnux:flatnux	flatnux	eq	2008-12-11
flatnux:flatnux	flatnux	eq	2009-01-27
flatnux:flatnux	flatnux	eq	2009-02-04

References

osvdb.org/80878

packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html

secunia.com/advisories/48656

www.securityfocus.com/bid/52846

www.vulnerability-lab.com/get_content.php?id=487

exchange.xforce.ibmcloud.com/vulnerabilities/74567

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for CVE-2012-4877

nvd1 prion1 cvelist1