exploitDog

CVE-2012-0699

Опубликовано: 11 янв. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.

Ссылки

http://www.exploit-db.com/exploits/18667
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/18667
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:haudenschilt:family_connections_cms:*:*:*:*:*:*:*:*

Версия до 2.9.0 (включая)

EPSS

Процентиль: 65%

0.00491

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-rqvf-64h2-w7v3

CVSS3: 8.8

github

больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.

EPSS

Процентиль: 65%

0.00491

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352