CVE-2012-4902

Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:template_cms_project:template_cms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:43

Type Values Removed Values Added
References () http://osvdb.org/85896 - () http://osvdb.org/85896 -
References () http://www.securityfocus.com/bid/55766 - () http://www.securityfocus.com/bid/55766 -
References () https://www.exploit-db.com/exploits/21742/ - () https://www.exploit-db.com/exploits/21742/ -
References () https://www.htbridge.com/advisory/HTB23115 - Exploit () https://www.htbridge.com/advisory/HTB23115 - Exploit

Information

Published : 2015-05-20 19:59

Updated : 2024-11-21 01:43


NVD link : CVE-2012-4902

Mitre link : CVE-2012-4902

CVE.ORG link : CVE-2012-4902


JSON object : View

Products Affected

template_cms_project

  • template_cms
CWE
CWE-352

Cross-Site Request Forgery (CSRF)