Vulnerability Details : CVE-2012-4773
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2012-4773
- cpe:2.3:a:intelliants:subrion_cms:*:*:*:*:*:*:*:*
- cpe:2.3:a:intelliants:subrion_cms:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:intelliants:subrion_cms:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:intelliants:subrion_cms:2.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4773
4.33%: Probability of exploitation activity in the next 30 days
~92%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-4773
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2012-4773
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4773
- https://www.htbridge.com/advisory/HTB23113
  Multiple vulnerabilities in Subrion CMS - HTB23113 Security Advisory | ImmuniWeb [Exploit]
- http://www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html
  Subrion 2.2.3 Open Source CMS core is available! | Subrion CMS Forums [Vendor Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79469
  Subrion CMS add page cross-site request forgery CVE-2012-4773 Vulnerability Report
- http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html
  Subrion CMS 2.2.1 XSS / CSRF / SQL Injection ≈ Packet Storm
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5106.php
  Zero Science Lab » Subrion CMS 2.2.1 CSRF Add Admin Exploit [Exploit]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78469
  Subrion CMS add administrator cross-site request forgery undefined Vulnerability Report
- http://archives.neohapsis.com/archives/bugtraq/2012-10/0096.html
  [Exploit]
- http://packetstormsecurity.org/files/116433
  Subrion CMS 2.2.1 Cross Site Request Forgery ≈ Packet Storm [Exploit]