CVE-2012-1304

Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-1304. PoCs published by Ivano Binetti, Avram Marius.

AI-analyzed exploit summary: The exploit demonstrates CSRF and XSS vulnerabilities in ForkCMS 3.2.5, including PoC HTML/JavaScript code for deleting users/pages and privilege escalation via session token reuse.

Description

Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting

Exploits (2)

exploitdb WORKING POC
by Ivano Binetti · text · webapps · php
https://www.exploit-db.com/exploits/18563

The exploit demonstrates CSRF and XSS vulnerabilities in ForkCMS 3.2.5, including PoC HTML/JavaScript code for deleting users/pages and privilege escalation via session token reuse.

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: ForkCMS 3.2.5 and lower
Auth required
Prerequisites: Authenticated admin session · Victim interaction (CSRF)
devstral-2 · analyzed May 19, 2026

exploitdb WORKING POC
by Avram Marius · text · webapps · php
https://www.exploit-db.com/exploits/18483

The exploit demonstrates reflected XSS and LFI vulnerabilities in Fork CMS v3.2.4. It includes functional PoC URLs for both issues, showing how arbitrary JavaScript can be executed and local files can be included via path traversal.

Classification: Working PoC 90%
Attack Type: XSS | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Fork CMS v3.2.4
No auth needed
Prerequisites: access to the target URL
devstral-2 · analyzed May 19, 2026

Details

Status: draft
Tracked Since: May 05, 2026