CVE-2012-4773: CSRF
First published: Mon Oct 22 2012(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intelliants Subrion CMS | <=2.2.2 | |
| Intelliants Subrion CMS | =2.0.4 | |
| Intelliants Subrion CMS | =2.2.0 | |
| Intelliants Subrion CMS | =2.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2012-10/0096.html
- http://packetstormsecurity.org/files/116433
- http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html
- http://secunia.com/advisories/51013
- http://www.osvdb.org/85999
- http://www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5106.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78469
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79469
- https://www.htbridge.com/advisory/HTB23113
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- vendor/intelliants
- canonical/intelliants subrion cms
- version/intelliants subrion cms/2.2.2
- version/intelliants subrion cms/2.0.4
- version/intelliants subrion cms/2.2.0
- version/intelliants subrion cms/2.2.1