CVE-2012-1227: CSRF
First published: Tue Feb 21 2012(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pluck CMS | =4.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-1227?
CVE-2012-1227 is classified as a moderate severity vulnerability due to its potential impact on admin account hijacking.
How do I fix CVE-2012-1227?
To fix CVE-2012-1227, update Pluck CMS to a version that addresses these CSRF vulnerabilities.
What actions can be exploited in CVE-2012-1227?
CVE-2012-1227 allows attackers to exploit actions that modify admin email, change the blog title, or add a page.
Who is affected by CVE-2012-1227?
Any admin user of Pluck CMS version 4.7 is potentially affected by CVE-2012-1227.
What type of vulnerability is CVE-2012-1227?
CVE-2012-1227 is a cross-site request forgery (CSRF) vulnerability that can lead to unauthorized actions on behalf of users.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pluck-cms
- canonical/pluck cms
- version/pluck cms/4.7