Cross site request forgery (csrf)

2012-09-0621:55:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.1%

JSON

Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.

CPENameOperatorVersion
flatnuxeq20081211.0.0
flatnuxeq200924.0.0
flatnuxeq<= 2011892
flatnuxeq2009127.0.0

Name	Operator	Version
flatnux	eq	20081211.0.0
flatnux	eq	200924.0.0
flatnux	eq	<= 2011892
flatnux	eq	2009127.0.0

References

osvdb.org/80878

packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html

secunia.com/advisories/48656

www.securityfocus.com/bid/52846

www.vulnerability-lab.com/get_content.php?id=487

exchange.xforce.ibmcloud.com/vulnerabilities/74567