Lucene search

[email protected]NVD:CVE-2012-4877

HistorySep 06, 2012 - 9:55 p.m.

CVE-2012-4877

2012-09-0621:55:03

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.1%

JSON

Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.

Affected configurations

NVD

Node

flatnuxflatnuxRange≤2011-08-09-2

flatnuxflatnuxMatch2008-12-11

flatnuxflatnuxMatch2009-01-27

flatnuxflatnuxMatch2009-02-04

References

osvdb.org/80878

packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html

secunia.com/advisories/48656

www.securityfocus.com/bid/52846

www.vulnerability-lab.com/get_content.php?id=487

exchange.xforce.ibmcloud.com/vulnerabilities/74567

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for NVD:CVE-2012-4877

cve1 prion1 cvelist1