CVE-2012-6493 Information

Description

Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-01/0014.html http://osvdb.org/88923 http://packetstormsecurity.com/files/119260/Nexpose-Security-Console-Cross-Site-Request-Forgery.html http://www.exploit-db.com/exploits/23924 https://community.rapid7.com/docs/DOC-2155release1