CVE-2012-4773
CVE-2012-4773
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 4
cve_referencepacketstormsecurity.org/files/116433não verificadocve_referencepacketstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/21267não verificadoexploitdbwww.exploit-db.com/exploits/22159não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://archives.neohapsis.com/archives/bugtraq/2012-10/0096.htmlhttp://packetstormsecurity.org/files/116433http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.htmlhttp://secunia.com/advisories/51013https://exchange.xforce.ibmcloud.com/vulnerabilities/78469https://exchange.xforce.ibmcloud.com/vulnerabilities/79469https://www.htbridge.com/advisory/HTB23113http://www.osvdb.org/85999http://www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.htmlhttp://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5106.php