CVE-2012-1208

Fork CMS 3.2.4 - Cross-Site Scripting via Report or Error Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-1208. PoCs published by Ivano Binetti, Avram Marius.

AI-analyzed exploit summary This is a detailed writeup describing multiple vulnerabilities in ForkCMS 3.2.5, including CSRF and XSS. It provides proof-of-concept HTML/JS code for exploiting these vulnerabilities but does not contain executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.

Exploits (2)

exploitdb WRITEUP
by Ivano Binetti · textwebappsphp
https://www.exploit-db.com/exploits/18563

This is a detailed writeup describing multiple vulnerabilities in ForkCMS 3.2.5, including CSRF and XSS. It provides proof-of-concept HTML/JS code for exploiting these vulnerabilities but does not contain executable exploit code.

Classification
Writeup 100%
Attack Type
Xss | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: ForkCMS 3.2.5 and lower
Auth required
Prerequisites: Authenticated admin session · Victim interaction (CSRF) · Same browser session for privilege escalation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Avram Marius · textwebappsphp
https://www.exploit-db.com/exploits/18483

This exploit demonstrates reflected XSS and LFI vulnerabilities in Fork CMS v3.2.4. The XSS payloads are injected via URL parameters, while the LFI allows reading arbitrary files via path traversal.

Classification
Working Poc 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Fork CMS v3.2.4
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47937
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51972

Scores

EPSS 0.0412
EPSS Percentile 89.5%

Details

CWE
CWE-79
Status published
Products (1)
fork-cms/fork_cms 3.2.4
Published Feb 24, 2012
Tracked Since Feb 18, 2026