Lucene search
K

CVE-2012-4902

🗓️ 20 May 2015 19:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 49 Views🌐 WEB

CVE-2012-4902 - CSRF vulnerabilities in Template CMS 2.1.

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today
Template CMS 2.1.1 Cross Site Request Forgery / Cross Site Scripting
4 Oct 201200:00
zdt
Cvelist
CVE-2012-4902
20 May 201519:00
cvelist
Exploit DB
Template CMS 2.1.1 - Multiple Vulnerabilities
4 Oct 201200:00
exploitdb
EUVD
EUVD-2012-4827
7 Oct 202500:30
euvd
exploitpack
Template CMS 2.1.1 - Multiple Vulnerabilities
4 Oct 201200:00
exploitpack
htbridge
Multiple vulnerabilities in Template CMS
12 Sep 201200:00
htbridge
NVD
CVE-2012-4902
20 May 201519:59
nvd
Packet Storm
Template CMS 2.1.1 Cross Site Request Forgery / Cross Site Scripting
3 Oct 201200:00
packetstorm
Prion
Cross site request forgery (csrf)
20 May 201519:59
prion
securityvulns
Multiple vulnerabilities in Template CMS
22 Oct 201200:00
securityvulns
Rows per page
NVD
ParameterPositionPathDescriptionCWE
themes_editorrequest bodyadmin/index.php?action=add_template&id=themesCSRF/XSS vulnerability: POSTing themes_editor to admin/index.php?action=add_template allows injection via CSRF; themes_editor is not properly sanitized (XSS risk).CWE-79CWE-352
loginrequest bodyadmin/index.php?id=system&sub_id=users&action=addCSRF vulnerability: authenticated admin actions can be triggered to add a new administrator without proper origin checks.CWE-352
passwordrequest bodyadmin/index.php?id=system&sub_id=users&action=addCSRF vulnerability: authenticated admin actions can be triggered to add a new administrator without proper origin checks.CWE-352
emailrequest bodyadmin/index.php?id=system&sub_id=users&action=addCSRF vulnerability: authenticated admin actions can be triggered to add a new administrator without proper origin checks.CWE-352
rolerequest bodyadmin/index.php?id=system&sub_id=users&action=addCSRF vulnerability: authenticated admin actions can be triggered to add a new administrator without proper origin checks.CWE-352
registerrequest bodyadmin/index.php?id=system&sub_id=users&action=addCSRF vulnerability: authenticated admin actions can be triggered to add a new administrator without proper origin checks.CWE-352
themes_editor_namerequest bodyadmin/index.php?id=themes&action=edit_template&file=aboutTemplate.phpCSRF vulnerability: authors can modify template code by submitting themes_editor to edit_template action (potential arbitrary PHP code execution under server config).CWE-352
themes_editorrequest bodyadmin/index.php?id=themes&action=edit_template&file=aboutTemplate.phpCSRF vulnerability: authors can modify template code by submitting themes_editor to edit_template action (potential arbitrary PHP code execution under server config).CWE-352
old_namerequest bodyadmin/index.php?id=themes&action=edit_template&file=aboutTemplate.phpCSRF vulnerability: authors can modify template code by submitting themes_editor to edit_template action (potential arbitrary PHP code execution under server config).CWE-352
edit_templaterequest bodyadmin/index.php?id=themes&action=edit_template&file=aboutTemplate.phpCSRF vulnerability: authors can modify template code by submitting themes_editor to edit_template action (potential arbitrary PHP code execution under server config).CWE-352
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Jun 2026 23:45Current
7.8High risk
Vulners AI Score7.8
CVSS 26.8
EPSS0.01318
49