Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.
References
Configurations
History
21 Nov 2024, 01:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/85896 - | |
References | () http://www.securityfocus.com/bid/55766 - | |
References | () https://www.exploit-db.com/exploits/21742/ - | |
References | () https://www.htbridge.com/advisory/HTB23115 - Exploit |
Information
Published : 2015-05-20 19:59
Updated : 2024-11-21 01:43
NVD link : CVE-2012-4902
Mitre link : CVE-2012-4902
CVE.ORG link : CVE-2012-4902
JSON object : View
Products Affected
template_cms_project
- template_cms
CWE
CWE-352
Cross-Site Request Forgery (CSRF)