exploitDog

CVE-2012-1227

Опубликовано: 21 фев. 2012

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module.

Ссылки

http://osvdb.org/79005
http://secunia.com/advisories/47934
Vendor Advisory
http://www.exploit-db.com/exploits/18474
Exploit
http://osvdb.org/79005
http://secunia.com/advisories/47934
Vendor Advisory
http://www.exploit-db.com/exploits/18474
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pluck-cms:pluck:4.7:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00132

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-2fxf-pqwj-vmvq

github

больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module.

EPSS

Процентиль: 33%

0.00132

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352