CVE-2012-0997

11in1 1.2.1 - Cross-Site Request Forgery in admin/index.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0997. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in 11in1 1.2.1, allowing an attacker to trick a user into submitting a malicious form to add a new topic. The PoC includes a hidden form with auto-submission via JavaScript.

Description

Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/36786

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in 11in1 1.2.1, allowing an attacker to trick a user into submitting a malicious form to add a new topic. The PoC includes a hidden form with auto-submission via JavaScript.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: 11in1 1.2.1

Auth required

Prerequisites: Victim must be authenticated and visit a malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit x_refsource_misc

https://www.htbridge.ch/advisory/HTB23071

Scores

EPSS 0.0095

EPSS Percentile 56.5%

Details

CWE

CWE-352

Status published

Products (1)

11in1/11in1 1.2.1 stable_12-31-2011

Published Feb 24, 2012

Tracked Since Feb 18, 2026