CVE-2012-4773 Information
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add delete or modify sensitive information as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
Reference
http://archives.neohapsis.com/archives/bugtraq/2012-10/0096.html http://packetstormsecurity.org/files/116433 http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html http://secunia.com/advisories/51013 http://www.osvdb.org/85999 http://www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5106.php https://exchange.xforce.ibmcloud.com/vulnerabilities/78469 https://exchange.xforce.ibmcloud.com/vulnerabilities/79469 https://www.htbridge.com/advisory/HTB23113
Share on: