Lucene search

PRIOn knowledge basePRION:CVE-2012-4773

HistoryOct 22, 2012 - 11:55 p.m.

Cross site request forgery (csrf)

2012-10-2223:55:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.

CPENameOperatorVersion
subrion_cmseq2.2.0
subrion_cmseq2.0.4
subrion_cmsle2.2.2
subrion_cmseq2.2.1

Name	Operator	Version
subrion_cms	eq	2.2.0
subrion_cms	eq	2.0.4
subrion_cms	le	2.2.2
subrion_cms	eq	2.2.1

References

archives.neohapsis.com/archives/bugtraq/2012-10/0096.html

packetstormsecurity.org/files/116433

packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html

secunia.com/advisories/51013

www.osvdb.org/85999

www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html

www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5106.php

exchange.xforce.ibmcloud.com/vulnerabilities/78469

exchange.xforce.ibmcloud.com/vulnerabilities/79469

www.htbridge.com/advisory/HTB23113