Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php.
References
Configurations
History
21 Nov 2024, 01:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html - | |
References | () http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/74753 - | |
References | () https://www.htbridge.com/advisory/HTB23081 - Exploit |
Information
Published : 2015-05-20 18:59
Updated : 2024-11-21 01:46
NVD link : CVE-2012-6691
Mitre link : CVE-2012-6691
CVE.ORG link : CVE-2012-6691
JSON object : View
Products Affected
oscmax
- oscmax
CWE
CWE-352
Cross-Site Request Forgery (CSRF)