CVE-2012-1415

DFLabs PTK < 1.0.5 - Cross-Site Request Forgery in Logout Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1415. PoCs published by Ivano Binetti.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in DFLabs PTK <= 1.0.5, allowing an attacker to force administrator/investigator logout by tricking them into visiting a malicious webpage. The lack of session validation in the logout.php script enables this attack.

Description

Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.

Exploits (1)

exploitdb WORKING POC

by Ivano Binetti · textwebappsphp

https://www.exploit-db.com/exploits/18513

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in DFLabs PTK <= 1.0.5, allowing an attacker to force administrator/investigator logout by tricking them into visiting a malicious webpage. The lack of session validation in the logout.php script enables this attack.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: DFLabs PTK <= 1.0.5

No auth needed

Prerequisites: Victim must visit a malicious webpage · PTK must be accessible via HTTP

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18513/

Scores

EPSS 0.0106

EPSS Percentile 60.1%

Details

CWE

CWE-352

Status published

Products (1)

dflabs/ptk < 1.0.5

Published Dec 28, 2014

Tracked Since Feb 18, 2026