Lucene search

K

[email protected]NVD:CVE-2012-4773

HistoryOct 22, 2012 - 11:55 p.m.

CVE-2012-4773

2012-10-2223:55:08

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.

Affected configurations

NVD

Node

intelliantssubrion_cmsRange≤2.2.2

OR

intelliantssubrion_cmsMatch2.0.4

OR

intelliantssubrion_cmsMatch2.2.0

OR

intelliantssubrion_cmsMatch2.2.1

References

archives.neohapsis.com/archives/bugtraq/2012-10/0096.html

packetstormsecurity.org/files/116433

packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html

secunia.com/advisories/51013

www.osvdb.org/85999

www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html

www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5106.php

exchange.xforce.ibmcloud.com/vulnerabilities/78469

exchange.xforce.ibmcloud.com/vulnerabilities/79469

www.htbridge.com/advisory/HTB23113

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

Related for NVD:CVE-2012-4773

cve1 prion1 cvelist1 packetstorm1 exploitpack1 htbridge1 securityvulns2 exploitdb1