CVE-2012-1216
PBBoard 2.1.4 - Cross-Site Request Forgery via Admin File Upload and Edit Actions
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via an add action or (2) change the contents of a file via a dit action.
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/files/109706/PBBoard-2.1.4-Cross-Site-Request-Forgery-Shell-Upload.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47948
Scores
EPSS
0.0063
EPSS Percentile
46.0%
Details
CWE
CWE-352
Status
published
Products (1)
pbboard/pbboard
2.1.4
Published
Feb 21, 2012
Tracked Since
Feb 18, 2026