Vulnerability Details: CVE-2012-1498
Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name.
Vulnerability category: Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2012-1498
Probability of exploitation activity in the next 30 days: 2.97%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 %
CVSS scores for CVE-2012-1498
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2012-1498
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1498
- http://www.securityfocus.com/bid/52218 : Webfolio CMS Cross Site Request Forgery Vulnerability (Exploit)
- http://www.exploit-db.com/exploits/18536 : WebfolioCMS 1.1.4 - Cross-Site Request Forgery (Add Admin/Modify Pages) - PHP webapps Exploit (Exploit)
- http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html : WebfolioCMS 1.1.4 Cross Site Request Forgery ≈ Packet Storm (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73575 : Webfolio CMS Add Administrator and Modify Web Page cross-site request forgery CVE-2012-1498 Vulnerability Report
- http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html : Ivano Binetti: WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)
Products affected by CVE-2012-1498
- cpe:2.3:a:nikola_posa:webfoliocms1.1.3:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.1.2:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.1.1:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.1.0:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.0.9:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.0.8:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.0.7:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.0.6:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.0.5:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.0.4:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.0.3:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.0.2:*:*:*:*:*:*:*:*
- cpe:2.3:a:nikola_posa:webfoliocms1.1.4:*:*:*:*:*:*:*:*