CVE-2012-1058

Flyspray 0.9.9.6 - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.

Exploits (1)

exploitdb WORKING POC

by Vaibhav Gupta · htmlwebappsphp

https://www.exploit-db.com/exploits/18468

View Code ZIP pw:eip

References (5)

[Exploit] http://packetstormsecurity.org/files/109507/Flyspray-0.9.9.6-Cross-Site-Request-Forgery.html

[Vendor Advisory] http://secunia.com/advisories/47881

[Exploit] http://www.exploit-db.com/exploits/18468

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/73051

[Third Party Advisory, VDB Entry] http://osvdb.org/78923

Scores

EPSS 0.0029

EPSS Percentile 52.7%

Details

CWE

CWE-352

Status published

Products (1)

flyspray/flyspray 0.9.9.6

Published Feb 14, 2012

Tracked Since Feb 18, 2026