CVE-2012-1414

Plume-cms Plume Cms < 1.2.4 - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.

Exploits (1)

exploitdb WORKING POC

by Ivano Binetti · htmlwebappsphp

https://www.exploit-db.com/exploits/18502

View Code ZIP pw:eip

References (2)

[Exploit] http://www.exploit-db.com/exploits/18502

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/73317

Scores

EPSS 0.0021

EPSS Percentile 43.6%

Details

CWE

CWE-352

Status published

Products (11)

plume-cms/plume_cms 1.0.2

plume-cms/plume_cms 1.0.3

plume-cms/plume_cms 1.0.4

plume-cms/plume_cms 1.0.5

plume-cms/plume_cms 1.0.6

plume-cms/plume_cms 1.1.3

plume-cms/plume_cms 1.2

plume-cms/plume_cms 1.2.1

plume-cms/plume_cms 1.2.2

plume-cms/plume_cms 1.2.3

... and 1 more

Published Oct 07, 2012

Tracked Since Feb 18, 2026