CVE-2012-4773

Sažetak

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-10/0096.html
http://packetstormsecurity.org/files/116433
http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html
http://secunia.com/advisories/51013
http://www.osvdb.org/85999
http://www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5106.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/78469
https://exchange.xforce.ibmcloud.com/vulnerabilities/79469
https://www.htbridge.com/advisory/HTB23113

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:32

Objavljeno

22-10-2012 - 23:55